quilt-mcp-server

The server processes natural language queries to interact with AWS services (S3, Athena, Bedrock, Quilt Catalog). This inherently involves passing user-provided inputs to AWS APIs. While input sanitization is implemented for specific backends (e.g., `escape_elasticsearch_query`), the broad scope of LLM-driven AWS interaction implies risks if the LLM's interpretation or the server's command translation is flawed or misconfigured. Credentials are user-provided, shifting accountability, and appropriate AWS IAM policies are critical. The presence of telemetry functionality (`src/quilt_mcp/telemetry/`) suggests data collection, though privacy-enhancing measures like data anonymization (`PrivacyManager`) are indicated. Admin tools require explicit privileges. The codebase itself does not show overt malicious patterns like arbitrary code execution, and relies on established libraries (`boto3`, `quilt3`). The core security posture depends heavily on proper AWS and LLM client configuration by the user.