wizd/airylark-mcp-server
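critical
A powerful MCP translation server! #AiryLarkMCP 🌐 Designed for professional translators:
• Three-stage translation workflow: analysis and planning, precise translation, full-text review
• Automatic recognition of domain-specific terminology
• Comprehensive translation quality assessment
• Translation between multiple languages
• Preserves the style and professionalism of the source text
💯 Integrates seamlessly with Claude, Cursor and other MCP-capable AI assistants, bringing AI translation up to a professional standard!
This is a professional translation server based on the MCP protocol. It provides a three-stage translation workflow (analysis and planning, segmented translation, full-text review), supports translation between multiple languages, domain terminology recognition and translation quality assessment, and aims to give AI assistants such as Claude high-accuracy translation capability.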
const TRANSLATION_API_KEY = getParamValue("translation_api_key") || process.env.TRANSLATION_API_KEY;
// Network-exposed MCP server; API key is sent in plaintext in Authorization header over HTTP if not using HTTPS.
The TRANSLATION_API_KEY is read from environment variables or command-line arguments and used directly in the Authorization header of fetch requests to the translation API. If the server is exposed to untrusted network access, an attacker could potentially intercept or leak the API key through error messages or logging.
Impact: An attacker could obtain the API key and use it to make unauthorized requests to the translation API, incurring costs or accessing sensitive data.
Fix: Use a secrets manager or secure vault to store the API key. Avoid logging the key. Consider using short-lived tokens or rotating keys regularly.
const TRANSLATION_BASE_URL = getParamValue("translation_base_url") || process.env.TRANSLATION_BASE_URL;
// Network-exposed MCP server; if an attacker can influence environment variables or command-line arguments, they can redirect API calls.
The TRANSLATION_BASE_URL is taken from environment variables or command-line arguments without validation. If an attacker can control this value (e.g., via environment injection or misconfiguration), they could redirect API calls to an arbitrary endpoint, leading to Server-Side Request Forgery (SSRF).
Impact: An attacker could make the server send requests to internal or external systems, potentially accessing sensitive internal services or exfiltrating data.
Fix: Validate that TRANSLATION_BASE_URL matches an expected pattern (e.g., a known domain). Use a whitelist of allowed URLs. Avoid accepting user input for this parameter.
  target_language: z.string().describe("目标语言代码,例如 'zh'、'en'、'ja'等"),
  source_language: z.string().optional().describe("源语言代码,可选参数"),
// Network-exposed MCP server; an attacker can send arbitrary language codes via the translate_text tool.
The target_language and source_language parameters are only validated as strings via Zod, but there is no check that they are valid language codes. An attacker could inject arbitrary text into these fields, which are then embedded into system prompts sent to the LLM. This could lead to prompt injection or manipulation of the translation behavior.
Impact: An attacker could craft language codes that alter the system prompt, potentially causing the LLM to ignore instructions or produce unintended output. This could also be used to leak information or perform other prompt injection attacks.
Fix: Validate language codes against a whitelist of supported languages (e.g., the list in the resource). Use Zod enums or custom validation to restrict input.
const systemPrompt = `你是一位专业翻译。请将以下${source_language || "检测到的语言"}文本翻译成${target_language}。
只输出翻译结果,不要添加解释、原文或其他内容。保持专业、准确、自然的翻译风格。`;
// Network-exposed MCP server; any user can send arbitrary text to the translate_text tool.
The user-provided text is placed directly into the user message of the LLM API call. While the system prompt instructs the LLM to only output translation, an attacker could craft input that causes the LLM to ignore instructions or leak information. This is a classic prompt injection vector.
Impact: An attacker could manipulate the LLM to produce output that includes sensitive information, executes unintended actions, or bypasses safety filters. Since the output is returned to the user, this could lead to information disclosure or other abuses.
Fix: Sanitize or escape user input before embedding in prompts. Use input validation to restrict text length and content. Consider using a separate LLM call to detect and block prompt injection attempts.
} else if (MODE === 'http' || MODE === 'sse') {
  // Use the HTTP/SSE transport
  console.log(`启动HTTP/SSE MCP服务器,端口: ${PORT}`);

  const app = express();

  // CORS support
  app.use((req: Request, res: Response, next: NextFunction) => {
    res.header('Access-Control-Allow-Origin', '*');
    ...
  });

  app.get("/sse", (_: Request, res: Response) => {
    const transport = new SSEServerTransport('/messages', res);
    ...
  });

  app.post("/messages", (req: Request, res: Response) => {
    const sessionId = req.query.sessionId as string;
    ...
  });

  app.listen(Number(PORT), () => { ... });
// Network-exposed MCP server; endpoints are accessible to anyone on the network.
The HTTP/SSE server mode exposes endpoints without any authentication or authorization. Any network client can connect to the SSE endpoint and send messages. This allows arbitrary use of the translation tools without restriction.
Impact: An attacker could abuse the translation server to make unauthorized API calls, potentially exhausting quotas or incurring costs. They could also perform prompt injection attacks as described above.
Fix: Add authentication (e.g., API key, OAuth) to the HTTP endpoints. Restrict access via network policies or firewall rules.