aego-engine-bookwriting
by rgeertsema
Overview
Provides an MCP (Managed Code Provider) engine for managing book-related resources and tools, facilitating AI-driven content generation and editing.
Installation
python3 -m bookwriting_server
Environment Variables
- BOOK2_ROOT
- MCP_SILENT
Security Notes
CRITICAL: The `resources/read` method in `bookwriting_server/server_stdio.py` (the primary server implementation invoked by `engine.json`) is vulnerable to path traversal. It constructs a `Path` object directly from the user-provided `file://` URI (e.g., `Path(uri.replace("file://", ""))`) without validating that the resulting path is contained within the designated `book2-root`. This allows an attacker to read arbitrary files on the host filesystem that are accessible to the server process, by simply crafting a URI like `file:///etc/passwd`. The `mcp_resources_read` function in `bookwriting_server/__main__.py` (used for selftests) has the same vulnerability. While `server_fastmcp.py` implements necessary path validation (`is_relative_to`), it is not the configured entry point for this engine.
Similar Servers
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.
ai-skills-hub
Provides AI assistants with access to a team's coding standards, best practices, and knowledge base by dynamically loading Markdown skill files via an MCP server.
AI-Prompt-Guide-MCP
Orchestrates AI agents for project management and development workflows by linking structured markdown specifications and tasks.
mcp-docs-server
Serves Markdown documentation, reusable prompt templates, and various file types as an MCP server for AI agents.