mcp-server
by portone-io
Overview
An MCP (Model Context Protocol) server designed for PortOne users to provide official documentation, developer center, and help center content to Large Language Models (LLMs) for accurate information and to assist with integration and user queries, including some console functionalities like channel listing, test channel addition, sub-store lookup, and payment history lookup.
Installation
npx -y @portone/mcp-server@latestSecurity Notes
The `regexSearchPortoneDocs` tool (and `calculateBm25Scores` which it uses) directly constructs `RegExp` objects from user-provided `query` input (`new RegExp(query, 'gi')`) without apparent sanitization. This makes the server vulnerable to Regular Expression Denial of Service (ReDoS) attacks, where a maliciously crafted regex pattern could consume excessive CPU resources and make the server unresponsive. While no obvious hardcoded secrets or arbitrary code execution vulnerabilities are present, the ReDoS vulnerability is critical for a publicly accessible service or one integrated with an AI agent where input might be less constrained.
Similar Servers
fastapi_mcp
Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
An MCP server for retrieving web content and files, then converting them to high-quality markdown format.
AI-Gateway
Provides a playground and lab environment to experiment with the Model Context Protocol (MCP) using Azure API Management to enable plug-and-play AI tools for Large Language Models (LLMs).