mcp-server
by yzhbankov
Overview
Orchestrates AI tool interactions via JSON-RPC over WebSocket, enabling AI agents to perform intelligent automation through a pluggable tool registry.
Installation
yarn start:server
Environment Variables
- SERVER_PORT
- MCP_SERVER_URL
- OPEN_AI_API_KEY
Security Notes
CRITICAL security risks identified:
- Hardcoded MySQL credentials ('dr2_prod' for both user and password) in `apps/server/lib/models/Tools.ts` for the `db_users` and `sql_query` tools.
- Direct arbitrary code execution via `run_js_code` (VM2 sandbox, known to have vulnerabilities) and via `run_docker_code`, `run_docker_command`, and `run_docker_script` (Docker containers, still a large attack surface despite isolation efforts).
- The `save_html_file` tool writes to a hardcoded path (`./report.html`), posing a risk of overwriting critical files if the server has broad write permissions.
- The `send_email` tool uses a hardcoded sender and `smtp://localhost:25`, which could be exploited if an SMTP server is exposed.
- User input is escaped before it reaches Docker commands in an attempt to prevent command injection, but such mechanisms are historically vulnerable.
Similar Servers
volcano-sdk
A TypeScript SDK for building multi-provider AI agents that chain LLM reasoning with external tools and orchestrate multi-agent workflows.
Lynkr
Lynkr is an AI orchestration layer that acts as an LLM gateway, routing language model requests to various providers (Ollama, Databricks, OpenAI, etc.). It provides an OpenAI-compatible API and enables AI-driven coding tasks via a rich set of tools and a multi-agent framework, with a strong focus on security, performance, and token efficiency. It allows AI agents to interact with a defined workspace (reading/writing files, executing shell commands, performing Git operations) and leverages long-term memory and agent learning to enhance task execution.
mcp_massive
An AI agent orchestration server, likely interacting with LLMs and managing multi-agent workflows.
2ly
Skilder is an infrastructure layer for AI agent tooling, providing a private tool registry and embedded runtimes for integrating with various agent frameworks and custom tools.