toolcall
by sceiler
Overview
Creating and serving custom tools for AI models (LLMs) via the Model Context Protocol (MCP) using a minimal and type-safe API.
Installation
npx tsx examples/server.ts
Security Notes
The `McpClient.connect` method in `src/client.ts` passes an unsanitized `target` string to `child_process.spawn`. If `target` is derived from untrusted user input, this creates a severe command injection vulnerability. The server side (using `serve`) robustly validates tool parameters with Zod, but it does not implement specific mitigations against denial-of-service (DoS) attacks from excessively large or malformed JSON inputs. Overall security also depends heavily on the safety of the user-provided `execute` functions within the tools, as the framework cannot prevent arbitrary or malicious code within these user-defined functions.
Similar Servers
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp-execution
Generates executable, type-safe TypeScript tools from any MCP server, enabling AI agents to progressively load only the tools they need for significant token savings.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
claude-faf-mcp
Provides AI-optimized context for software projects to large language models, enhancing collaboration and project understanding via 50+ specialized tools within Claude Desktop workflows.