hcore-mcp
by vromano-newel
Overview
The HCore MCP Server exposes HCore APIs, organized into Postman collections, as tools for AI clients like Cursor to interact with backend services for healthcare data management.
Installation
npm startEnvironment Variables
- POSTMAN_ENVIRONMENT_FILE
- PHR_PATH
- AUTH_PATH
- ADHERENCE_PATH
- CONTENT_PATH
- OBESITY_PATH
- PJBUILDER_PATH
Security Notes
Multiple hardcoded sensitive values (API keys, client secrets, default admin password 'Admin1!') are present in 'nwl.obesity.stage.postman_environment.json'. The 'resolveTemplates' function performs direct variable substitution into request URLs, headers, and bodies, creating a significant risk of injection (e.g., Server-Side Request Forgery, header injection, or arbitrary data manipulation in downstream systems) if variable values originate from untrusted or unsanitized input provided by the MCP client. This allows an attacker to control parts of HTTP requests, potentially leading to unauthorized access or data breaches.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
Unla
Transforms existing MCP Servers and APIs into MCP protocol-compliant endpoints through configuration, enabling LLM tool calling without code changes.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.