mcp-servers-github-mslearn-filesystem
by sahil-makandar
Overview
A multi-server Model Context Protocol client orchestrating GitHub, MS Learn, and FileSystem tools via Azure OpenAI for an AI agent.
Installation
python client.py
Environment Variables
- AZURE_OPENAI_ENDPOINT
- AZURE_OPENAI_KEY
- AZURE_OPENAI_DEPLOYMENT
- GITHUB_TOKEN
Security Notes
The `server_filesystem.py` module exposes `read_file` and `save_file` tools directly to the AI without adequate path sanitization or validation. The `read_file` tool takes a `filepath` argument, which can be exploited via path traversal (e.g., `../../../../etc/passwd`) to read arbitrary files on the system that the Python process has permissions for. Similarly, `save_file` constructs paths using `topic` and `filename` arguments, which could be manipulated via path traversal to write files outside the intended `data/` directory. This poses a significant risk for data exfiltration (e.g., `.env` file containing API keys) or arbitrary file writes, even if the AI is generally trusted, as prompt injection could exploit these vulnerabilities.
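One way to confine both tools to the `data/` directory, as an added example rather than code from the project: `resolve_inside`, `PathEscapeError`, `demo` and the `root` parameter are hypothetical names, and the sample files are constructed.

```python
# Hypothetical hardened read_file/save_file; not the project's own code.
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """Raised when a requested path resolves outside the allowed root."""

def resolve_inside(root: Path, *parts: str) -> Path:
    """Join untrusted parts onto root; refuse results outside root."""
    root = root.resolve()
    # resolve() collapses ".." and follows symlinks, so the check below
    # is made on the path the OS would actually open. An absolute part
    # replaces root in joinpath() and is caught by the same check.
    candidate = root.joinpath(*parts).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{candidate} is outside {root}") from None
    return candidate

def read_file(root: Path, filepath: str) -> str:
    return resolve_inside(root, filepath).read_text(encoding="utf-8")

def save_file(root: Path, topic: str, filename: str, content: str) -> Path:
    target = resolve_inside(root, topic, filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content, encoding="utf-8")
    return target

def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        data.mkdir()
        (Path(tmp) / ".env").write_text("KEY=constructed-sample\n")
        save_file(data, "notes", "a.md", "hello")
        results["ok"] = read_file(data, "notes/a.md")
        for label, args in {
            "dotdot": ("../.env",),
            "absolute": (str(Path(tmp) / ".env"),),
            "topic": ("../..", "evil.txt"),
        }.items():
            try:
                resolve_inside(data, *args)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "blocked"
    return results
```

The check and the file open are separate steps, so this assumes nothing else can create symlinks under the root between them.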
Similar Servers
filesystem-mcp
This server provides tools for reading, creating, editing files, and listing directories on the local filesystem, enabling automation of tasks like configuration updates, report generation, and code refactoring.
pulse-tm
Pulse is a terminal-based task manager designed for developers to manage projects and tasks, offering CLI, TUI, and seamless integration with AI agents via the Model Context Protocol (MCP).
FileMcpServer
A server application potentially involved in file management or resource control, based on its name.
mcp-server-example
Provides a basic demonstration of server functionality, likely for educational purposes or as a starting point for network application development.