metrc-mcp-server
Verified Safeby samcorl
Overview
Provides AI agents with searchable access to METRC cannabis compliance documentation across multiple legal states.
Installation
ruby bin/mcp_http_serverSecurity Notes
The server primarily uses parameterized SQL queries and FTS5 for database interactions, which is a strong defense against SQL injection. Input sanitization is performed on search queries before FTS matching. The server sets broad CORS headers (`Access-Control-Allow-Origin: *`), which is acceptable for an AI agent integration but noted. There are no obvious 'eval' or shell command injection vulnerabilities. A minor potential risk could arise from the `get_by_endpoint` function using `LIKE` with user-controlled input (even if normalized), though its practical exploitability is limited in SQLite for this context. The importer script runs offline and reads local files, assuming a trusted source directory.
Similar Servers
docfork
Provides live-synced, context-aware, and version-accurate documentation to AI models, preventing hallucinations and context bloat for developer tasks.
mesh
An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
action_mcp
ActionMCP is a Ruby gem providing Model Context Protocol (MCP) server capabilities to Rails applications, enabling AI assistants to connect to external data sources and tools.