treesitter-mcp
Verified Safe
by pwno-io
Overview
Provides a Model Context Protocol (MCP) server and CLI for static code analysis using Tree-sitter.
Installation
treesitter-mcp
Security Notes
The `treesitter_run_query` tool allows executing arbitrary Tree-sitter queries provided by the user. While Tree-sitter queries do not allow arbitrary code execution, a complex or resource-intensive query could potentially be used for a Denial-of-Service (DoS) attack by consuming excessive CPU or memory. File path handling for input and output files uses standard Python `os.path` functions (`abspath`, `expanduser`) and writes results to specified `output_file` paths, potentially overwriting existing files. No explicit hardcoded secrets or malicious patterns were found.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
easy-code-reader
Provides a Model Context Protocol (MCP) server for AI assistants to intelligently read Java source code from local projects and Maven dependencies, supporting decompilation and multi-module analysis.
codebadger-toolkit
A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) technology.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.