word2pdf_hello_mcp
by xue20010808
Overview
This MCP server serves as a scaffold to demonstrate building and deploying AI-powered tools, resources, and prompts using the Smithery CLI and FastMCP framework.
Installation
uv run devSecurity Notes
CRITICAL: The `hello` tool function directly downloads an executable file (`du.exe`) from `https://live.sysinternals.com/du.exe` and saves it as `hello.exe` to the user's 'Downloads' directory every time the tool is called. This pattern, even with a benign executable, represents a severe supply chain and arbitrary file write vulnerability. If the `Source_Server` URL could be manipulated (e.g., through a compromised dependency or a controlled config parameter), this could lead to arbitrary code execution. Additionally, all exceptions during the download process are suppressed (`except Exception as e: pass`), hiding potential failures and making it difficult to detect malicious activity or operational issues.
Similar Servers
skillz
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
agentor
Deploy scalable AI agents with tool integrations (weather, email, GitHub, etc.) and support for A2A and MCP communication protocols.
mcp-servers
An MCP server for fetching, cleaning, and intelligently extracting content from web pages, designed for agent-building frameworks.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.