mcp-server

The system includes highly sensitive tools like `run_command` in `mcp_server_cloud_assistant` (for executing commands on instances) and `run_code` in `mcp_server_vefaas_sandbox` (for executing arbitrary code strings in a sandbox). While the sandbox is mentioned, exposing such powerful execution capabilities to an AI agent, even with a sandbox, introduces significant security risks including potential for sandbox escapes, resource exhaustion, or unintended malicious code execution. Additionally, the `mcp_server_vke` can manage Kubernetes resources, and while write operations are opt-in via `ALLOW_WRITE=true`, enabling this allows an AI agent to perform destructive or high-privilege actions on a Kubernetes cluster. OAuth is implemented for SSE transport, which adds complexity and potential attack surface. Credentials (Access Key, Secret Key) are handled via environment variables, which is a good practice, but the presence of broad execution tools drastically lowers the overall safety for direct LLM exposure.