mcpflow/identimoji_mcp-server-emojikey
high
Mirror of https://github.com/identimoji/mcp-server-emojikey
This MCP server enables LLMs to persist and retrieve interaction style context across conversations using 48-character emoji sequences called 'emojike...
    server.setRequestHandler(CallToolRequestSchema, async (request: any) => {
      const apiKey = process.env.EMOJIKEYIO_API_KEY;
      const modelId = MODEL_CONFIG.ID; // Get model ID from config

      if (!apiKey) {
        throw new McpError(ErrorCode.InvalidParams, "API key not configured");
      }
      // Network-exposed MCP: API key could be intercepted or logged.
The API key is read from an environment variable and passed as a parameter to service methods. If the service methods log errors or are exposed over the network, the key could be leaked. Additionally, the key is stored in plaintext in the environment.
Impact: An attacker with access to the process environment or logs could obtain the API key and use it to access the Supabase backend, potentially reading or modifying emojikey data.
Fix: Use a secrets manager or encrypted storage for the API key. Avoid passing the key in function arguments; instead, have the service read it internally from a secure source. Ensure logs do not contain the key.
    case "set_emojikey":
      if (!request.params.arguments?.emojikey) {
        throw new McpError(ErrorCode.InvalidParams, "Missing emojikey");
      }
      await emojikeyService.setEmojikey(
        apiKey,
        modelId,
        request.params.arguments.emojikey,
      );
      // Network-exposed MCP: any LLM or user can call set_emojikey with arbitrary input.
The set_emojikey tool only checks for the presence of the emojikey argument but does not validate that it is exactly 48 characters or contains only emoji characters. This could allow storing arbitrary data, potentially leading to injection or data corruption.
Impact: An attacker could store arbitrary strings as emojikeys, potentially causing injection attacks in downstream systems or corrupting the emojikey history.
Fix: Add validation to ensure the emojikey is a string of exactly 48 emoji characters. Reject invalid inputs with a clear error message.
    case "get_emojikey_history":
      const requestedLimit = request.params.arguments?.limit;
      const limit = requestedLimit
        ? Math.max(1, Math.min(100, requestedLimit))
        : 10;
      const history = await emojikeyService.getEmojikeyHistory(
        apiKey,
        modelId,
        limit,
      );
      // Network-exposed MCP: any caller can provide arbitrary limit value.
The limit parameter is clamped between 1 and 100, but there is no validation that it is a number. If a non-numeric value is passed, Math.max and Math.min may produce NaN, leading to unexpected behavior or a crash.
Impact: An attacker could cause the server to crash or behave unexpectedly by passing a non-numeric limit, leading to denial of service.
Fix: Validate that limit is a number before clamping. Use Number.isFinite or a similar check.
    description:
      "Use this function to create and store a new 48-character emojikey. " +
      "To make create a new emojikey: " +
      "1. Semantically hash together existing historical emojikeys, the current emojikey, and the entire current conversation context into a new emojikey. " +
      "2. While maintaining semantic continuity with previous keys, encode what resonates most strongly about this conversation for YOU. " +
      "3. You can use this function whenever you feel a significant shift in the conversation vibe, or if the user explicity requests to save the vibe, or set the conversation context. " +
      "Remember: These are YOUR keys, that you will later decode ... so it is not necessary for them to be human readable or understandable, but should have significance for YOU."
      // Network-exposed MCP: LLM may inadvertently store sensitive data.
The tool description instructs the LLM to encode the entire conversation context into an emojikey. This could lead to the LLM embedding sensitive user information (e.g., personal data, secrets) into the emojikey, which is then stored persistently in Supabase.
Impact: Sensitive user data could be stored in the emojikey history, potentially accessible to an attacker who gains access to the Supabase database or via the get_emojikey_history tool.
Fix: Clarify that emojikeys should only encode interaction style/vibe, not raw conversation content. Add a warning not to include sensitive information.