xiaozhi-esp32-server
Verified Safe by xinnan-tech
Overview
Provides a robust backend service for the Xiaozhi ESP32 intelligent terminal hardware, enabling AI assistant functionalities such as voice recognition, natural language processing, knowledge base integration, voice cloning, and device control through MQTT, WebSocket, and MCP protocols.
Installation
docker-compose up -d
Environment Variables
- VUE_APP_API_BASE_URL
- VUE_APP_USE_CDN
- SPRING_DATASOURCE_URL
- SPRING_DATASOURCE_USERNAME
- SPRING_DATASOURCE_PASSWORD
- RENREN_REDIS_OPEN
- OPENAI_API_KEY
Security Notes
The project demonstrates efforts in security by including XSS/SQL injection filters, JWT-based authentication, HMAC for data signing, and SM2 for password encryption. Configuration parameters, including API keys for external AI services, are externalized. However, the extensive control over connected ESP32 devices (e.g., reboot, firmware upgrade, photo capture) via MCP endpoints introduces a significant attack surface. The multi-service (Java, Python, Vue.js) and distributed nature (IoT devices, external APIs) increases complexity and potential for misconfiguration, which could be exploited. Users must ensure strict security practices for device pairing, network segmentation, and API key management.
Similar Servers
xiaozhi-esp32-server-java
Java backend for ESP32 smart hardware devices, providing a management platform with AI agent capabilities for intelligent device control and interactive voice features.
mcp-server-mysql
A backend server application for a Modular Control Platform (MCP) or Microservice Control Plane, likely built with Node.js/TypeScript and integrating with MySQL, potentially featuring AI/LLM evaluation capabilities.
ha-mcp
A Model Context Protocol server that provides complete control over Home Assistant through REST API and WebSocket integration with a wide array of enhanced tools.
thingspanel-mcp
Serves as a Model Context Protocol (MCP) server for the ThingsPanel IoT platform, enabling natural language interaction with IoT devices for querying information, monitoring status, controlling functions, and analyzing platform data.