mudit14224/mcp-servers · critical

A collection of MCP server tools in TypeScript

This MCP server provides a collection of tools for CSV/XLSX file manipulation (reading, describing, plotting, handling nulls, dropping/renaming/select...

purpose: This MCP server provides a collection of tools for
threat: local with credentials
TypeScript · 0 · May 21, 2026 · May 22, 2026 · GitHub
RISK SCORE
0 / 100 risk
low findings +5
medium findings +105
capped at 100
VULNERABILITY ANALYSIS · 8 findings in 7 blocks · 0 HIGH · 7 MEDIUM
MEDIUM · 2 findings
csv-xlsx/src/tools/columnTools.ts:16

const fullFilePath = path.join(workDir, filePath);
if (!fs.existsSync(fullFilePath)) {
    throw new Error(`File not found at: ${filePath}`);
}

const data = readData(fullFilePath);
MEDIUM · 1 finding
csv-xlsx/src/tools/correlation.ts:58

const fullFilePath = path.join(workDir, filePath);

if (!fs.existsSync(fullFilePath)) {
    throw new Error(`File not found at: ${filePath}`);
}

const data = readData(fullFilePath);

Related locations: csv-xlsx/src/index.ts:70 · csv-xlsx/src/tools/correlation.ts:51

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: Same vulnerable pattern: filePath is joined with workDir without sanitization, allowing '../' traversal to read arbitrary files.
IMPACT: Arbitrary file read via path traversal.
FIX: Validate that the resolved path is within workDir.
MEDIUM · 1 finding
csv-xlsx/src/tools/describeData.ts:14

const fullFilePath = path.join(workDir, filePath)

if (!fs.existsSync(fullFilePath)) {
    throw new Error(`File not found at: ${filePath}`)
}

Related locations: csv-xlsx/src/index.ts:64 · csv-xlsx/src/tools/describeData.ts:7

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: Same vulnerable pattern: filePath is joined with workDir without sanitization, allowing '../' traversal to read arbitrary files.
IMPACT: Arbitrary file read via path traversal.
FIX: Validate that the resolved path is within workDir.
MEDIUM · 1 finding

// Source file not analyzed: csv-xlsx/src/tools/plotGraph.ts

// Finding inferred from import chain: csv-xlsx/src/index.ts:59 → csv-xlsx/src/tools/plotGraph.ts

Related locations: csv-xlsx/src/index.ts:59 · csv-xlsx/src/tools/plotGraph.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The plot_graph tool likely uses the same vulnerable pattern, allowing path traversal to read arbitrary files for plotting.
IMPACT: Arbitrary file read via path traversal.
FIX: Validate that the resolved path is within workDir.
MEDIUM · 1 finding

// Source file not analyzed: csv-xlsx/src/tools/handleNulls.ts

// Finding inferred from import chain: csv-xlsx/src/index.ts:75 → csv-xlsx/src/tools/handleNulls.ts

Related locations: csv-xlsx/src/index.ts:75 · csv-xlsx/src/tools/handleNulls.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The handle_null_values tool likely uses the same vulnerable pattern, allowing path traversal to read and write arbitrary files.
IMPACT: Arbitrary file read and write via path traversal.
FIX: Validate that the resolved path is within workDir.
MEDIUM · 1 finding

// Source file not analyzed: csv-xlsx/src/tools/readFile.ts

// Finding inferred from import chain: csv-xlsx/src/index.ts:54 → csv-xlsx/src/tools/readFile.ts

Related locations: csv-xlsx/src/index.ts:54 · csv-xlsx/src/tools/readFile.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The readFile tool (not fully shown) likely uses the same pattern as columnTools.ts, joining workDir with the user-supplied filePath without sanitizing '../' sequences. This allows reading arbitrary files.
IMPACT: Arbitrary file read outside the intended working directory.
FIX: Validate that the resolved path is within workDir.
LOW · 1 finding
google-maps/src/index.ts:146

function getApiKey(): string {
    const apiKey = process.env.GOOGLE_MAPS_API_KEY;
    if (!apiKey) {
        console.error("Cannot find GOOGLE_MAPS_API_KEY")
        process.exit(1);
    }
    return apiKey
}

const GOOGLE_MAPS_API_KEY = getApiKey();

Related location: google-maps/src/index.ts:156

// Local-only MCP, requires compromised LLM to exploit; key is used in outbound requests

EXPLAIN: The API key is read from an environment variable and appended to every Google Maps API request URL as a query parameter. While this is standard practice, the key could be exposed in logs or error messages if the URL is logged. Additionally, the key is stored in a global constant and could be leaked via error messages or debugging output.
IMPACT: An attacker could obtain the API key from logs or error messages, leading to unauthorized usage and potential billing charges.
FIX: Avoid logging URLs containing the API key. Consider using a proxy or server-side key management. Ensure error messages do not include the key.
5/22/2026
Findings are produced by automated LLM analysis and may include false positives or miss issues. Verify independently before acting.