game-mcp-poc
Verified Safeby softwarewrighter
Overview
This project implements a Tic-Tac-Toe game with dual interfaces (web UI and MCP server) for human and AI agent interaction, including trash talk.
Installation
./scripts/serve.shEnvironment Variables
- GAME_DB_PATH
- RUST_LOG
- PORT
- OPENAI_API_KEY
- GOOGLE_API_KEY
- CORS_ORIGIN
Security Notes
No 'eval' or obvious malicious patterns found. Hardcoded secrets are not present in the Rust code; AI agent examples explicitly rely on environment variables (e.g., OPENAI_API_KEY, GOOGLE_API_KEY). Network exposure on port 3000 (HTTP API, SSE, HTTP MCP endpoint) and default permissive CORS (allow_origin(Any)) are typical for development but require hardening (e.g., specific CORS_ORIGIN, rate limiting) for production deployment, as acknowledged in the documentation. Database path configurability is good, but misconfiguration could lead to risks if 'GAME_DB_PATH' points to an insecure or sensitive location on the host system.
Similar Servers
rust-mcp-sdk
A high-performance, asynchronous Rust SDK for building Model Context Protocol (MCP) servers and clients, supporting various transports and authentication methods.
rust-mcp-schema
Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, enabling developers to build robust MCP servers and clients.
turn-based-game-mcp
Demonstrates the Model Context Protocol (MCP) by providing a turn-based games platform with an AI opponent that interacts with a Next.js frontend.
mcp-framework
A Rust framework for building AI agents with built-in Model Context Protocol (MCP) support, multi-LLM integration, and a web-based inspector for debugging.