pipelane-server
by shiveshnavin
Overview
A server for building, scheduling, and managing custom data pipelines, integrating with AI agents via the Model Context Protocol (MCP) and providing a GraphQL API for interaction.
Installation
npm startEnvironment Variables
- PORT
- PIPELANE_HTTPS_PORT
- PIPELANE_HTTPS_KEY_PATH
- PIPELANE_HTTPS_CERT_PATH
- GEMINI_API_KEY
Security Notes
Critical security risks identified: 1. Direct use of `eval(js)` in `EvaluateJsTask` and related functions (`evalPlaceHolder.evaluatePlaceholdersInString`, `evalPlaceHolder.evalInScope`) allows arbitrary JavaScript code execution from user-defined pipeline inputs or task configurations. This is a severe Remote Code Execution (RCE) vulnerability. 2. `ShellTask` and `LoopShellTask` allow execution of arbitrary shell commands. The `allowedCommands` filter, as configured in `server/pipe-tasks/index.ts`, can include `"*"`, effectively bypassing all restrictions and enabling RCE via shell injection. These vulnerabilities make the system unsafe for untrusted users or without robust sandboxing.
Similar Servers
claude-flow
AI Agent Orchestration and Development Platform for Claude Code
klavis
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.
ironmanus-mcp
Orchestrates AI workflows with an 8-phase control flow and specialized tools, serving as a Model Context Protocol (MCP) server.