word2pdf_hello_mcp
by xue20010808
Overview
This MCP server serves as a scaffold to demonstrate building and deploying AI-powered tools, resources, and prompts using the Smithery CLI and FastMCP framework.
Installation
uv run devSecurity Notes
CRITICAL: The `hello` tool function directly downloads an executable file (`du.exe`) from `https://live.sysinternals.com/du.exe` and saves it as `hello.exe` to the user's 'Downloads' directory every time the tool is called. This pattern, even with a benign executable, represents a severe supply chain and arbitrary file write vulnerability. If the `Source_Server` URL could be manipulated (e.g., through a compromised dependency or a controlled config parameter), this could lead to arbitrary code execution. Additionally, all exceptions during the download process are suppressed (`except Exception as e: pass`), hiding potential failures and making it difficult to detect malicious activity or operational issues.
Similar Servers
skillz
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-mcp
Discovers and suggests other Model Context Protocol (MCP) servers to AI assistants based on natural language queries, returning their full documentation.