mcp-server
Verified Safeby samaye-pro
Overview
Demonstrates a Model Context Protocol (MCP) WebSocket server in Go for bidirectional JSON messaging and executing predefined tools.
Installation
go run main.goSecurity Notes
The server's `websocket.Upgrader` is configured with `CheckOrigin: func(r *http.Request) bool { return true }`, which disables origin checking. This makes the WebSocket server vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks if deployed in a production environment without proper remediation. While acceptable for a local demo, it's a critical security flaw for anything beyond that. There are no obvious hardcoded secrets, 'eval' equivalents, or other direct code execution vulnerabilities.
Similar Servers
header-test-mcp
An MCP server designed for debugging custom header implementations in MCP hosts/clients by providing a tool to retrieve request headers.
mymcp_backend
A Go backend server for managing and exposing MCP (Multi-Agent Communication Protocol) services, including dynamic registration and execution of user-defined Go functions as MCP tools.
go-devops-mcp
A Micro-Capability Platform (MCP) server designed to optimize routine DevOps tasks for backend developers and other users through a standardized tool interface.
mcp
This MCP server provides read-only access to a Service Atlas API, enabling browsing of teams, listing services by team, searching services by name, identifying service ownership, getting release information, and querying technical debt reports.