mcp-file-preview

by seanivore

Overview

This server provides capabilities to preview local HTML files by capturing full-page screenshots and analyzing their structural content.

Installation

Run Command
node build/index.js

Security Notes

1. Arbitrary Local File Access (High Risk): The `preview_file` and `analyze_content` tools accept `filePath` directly from user input. This lets an MCP client request that any file on the host system be read or screenshotted, subject only to the server's process permissions, which can lead to information disclosure (Local File Inclusion).

2. Hardcoded Absolute Screenshot Path (Critical Flaw/Misconfiguration): The server saves screenshots to a hardcoded absolute path: `/Users/seanivore/Projects/mcp-file-preview/screenshots`. This path is specific to one developer's machine and user account. Anyone else running this server *must* change the path in the source code; otherwise it will likely fail to write screenshots, or write them to an inaccessible or unintended location.

3. Content Security Policy (CSP) Bypass (Medium Risk): The `page.setBypassCSP(true)` call disables a crucial browser security feature. If the HTML being previewed contains malicious scripts, they can execute without CSP restrictions and potentially interact with local filesystem or network resources reachable from the Puppeteer instance.

4. Path Traversal in CSS Injection (Potential): The server injects CSS files using relative paths (`path.join(baseDir, '..', 'style.css')`). A maliciously crafted `filePath` containing path traversal sequences (e.g., `../../`) could cause unintended CSS files from other system directories to be read, compounding the LFI risk.

Stats

Interest Score: 40
Security Score: 3
Cost Class: Medium
Avg Tokens: 25000
Stars: 22
Forks: 10
Last Update: 2025-11-29

Tags

file preview, html analysis, screenshot, local files, mcp