Model Context Protocol moderate risk

Mcpmcp

The mcpmcp-server facilitates MCP server discovery and integration, enabling AI workflows by executing remote mcp-remote instances via npx.

Connections & Capabilities

Connects To

GitHubTwitter

Capabilities

exec

Quickstart

Config

{
  "mcpServers": {
    "mcpmcp": {
      "command": "npx",
      "args": ["-y", "mcp-remote@latest", "https://mcpmcp.io/mcp"]
    }
  }
}

Exposed MCP Tools (1)

high

mcp-remote

Executes a remote MCP server instance, enabling communication between client and server.

Executes arbitrary code from a remote source, potentially leading to security vulnerabilities if the remote code is compromised.

Safety Assessment

This server presents a moderate risk due to its execution of remote code. It's reasonably safe if the mcp-remote package is well-maintained and secure. However, it becomes risky if the package is compromised or contains vulnerabilities, especially concerning command injection.

Execution is sandboxed within the npx environment.
Requires explicit user configuration to enable.
Limited scope based on the mcp-remote tool's capabilities.
The server itself doesn't inherently expose sensitive data.

Executes arbitrary code from a remote source (mcp-remote@latest).
Potential for command injection if arguments are not properly sanitized by mcp-remote.
Depends on the security of mcpmcp.io and npm registry.
No built-in RBAC or access controls at the server level.
The `npx -y` command bypasses confirmation prompts, potentially leading to unintended execution.