Test_Remote_MCP_Server

Verified Safe

by prabalk-nepa

Overview

A natural language expense tracking application with a FastMCP server and a React frontend, allowing users to manage expenses via chat.

Installation

Run Command
uv run python -m src.server

Environment Variables

  • VITE_OPENAI_API_KEY
  • VITE_MCP_SERVER_URL
  • DATABASE_PATH
  • MCP_SERVER_HOST
  • MCP_SERVER_PORT
  • MCP_TRANSPORT
  • ENVIRONMENT
  • LOG_LEVEL

Security Notes

The client-side code (`mcp-client.ts`) is designed to communicate with a `/call_tool` endpoint via HTTP POST. This endpoint is implemented in `src/http_server.py` (a FastAPI server).

The FastAPI server is configured with `CORSMiddleware(allow_origins=['*'])`, which is a significant security vulnerability in a production environment: it allows any domain to make cross-origin requests, potentially enabling XSS or other attacks. The database interactions use parameterized SQL queries (`sqlite_client.py`), which prevents SQL injection, but the broad CORS configuration remains a critical exposure.

There is also a structural inconsistency: the official `README.md` instructs users to run `src/server.py` (a FastMCP server), not `src/http_server.py` (the FastAPI server the client is configured for). If `src/server.py` is run, the client's `callTool` requests to `/call_tool` will likely fail, because `src/server.py` does not provide this endpoint directly.

Stats

  • Interest Score: 0
  • Security Score: 5
  • Cost Class: High
  • Avg Tokens: 500
  • Stars: 0
  • Forks: 0
  • Last Update: 2026-01-19

Tags

Expense Tracker, Natural Language Processing, FastMCP, React, OpenAI, SQLite