lite-mcp

The system inherently exposes powerful host-level operations as 'tools', which pose significant security risks if not strictly protected by authentication and authorization. Critical concerns include: 1. **Arbitrary Command Execution**: The `ExternalMCPServer` allows launching external MCP services by executing commands and arguments from configuration files (`config/external_mcp.json`). If these configurations can be modified by an untrusted entity, it leads to arbitrary code execution on the host machine. 2. **Direct Filesystem Manipulation**: The `FileSystemMCPServer` provides direct access to create, read, write, delete, copy, and move files/directories. This can lead to full filesystem compromise if exposed to untrusted input. 3. **Device Control**: `AndroidMCPServer` and `MouseMCPServer` enable direct control of Android devices (via ADB) and the host's mouse/keyboard (via `pyautogui`), respectively. These are high-privilege operations. 4. **Client-Side Code Execution (Frontend)**: The `CodeExecutorTool.js` (client-side) attempts to sandbox code execution, but client-side sandboxing is not foolproof and still introduces risk if malicious code can bypass it. These features, while powerful for automation, make the server unsafe to run in an untrusted environment or without robust access control mechanisms.