dalisys/i18n-mcp · critical

MCP server for managing i18n translation files. This server enables LLMs to intelligently manage translations, analyze code for hardcoded strings, and maintain consistency across multiple language files with real-time file watching and advanced search capabilities.

This MCP server manages i18n translation files, enabling LLMs to search, add, update, delete translations, analyze code for hardcoded strings, validat...

purpose: This MCP server manages i18n translation files, en
threat: local with credentials
TypeScript · 11 · May 21, 2026 · May 21, 2026
RISK SCORE
0 / 100 risk
medium findings: +180
capped at 100
VULNERABILITY ANALYSIS · 12 findings in 12 blocks · 0 HIGH · 12 MEDIUM
MEDIUM · 1 finding
src/core/code-analyzer.ts:162
async analyzeFile(
  filePath: string,
  options: CodeAnalysisOptions = {}
): Promise<CodeAnalysisResult> {
  const {
    extractHardcoded = true,
    findUsage = true,
    translationIndex,
    minStringLength = 3,
    excludePatterns = []
  } = options;

  try {
    // filePath reaches fs.readFile exactly as received, with no validation
    const content = await fs.readFile(filePath, 'utf-8');
src/server/mcp-tools.ts:107-109 · src/tools/analyze-codebase.ts · src/tools/extract-to-translation.ts · src/core/code-analyzer.ts:162

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `analyzeFile` method accepts a `filePath` parameter that is used directly in `fs.readFile` without any validation or sanitization. The tools that call this method (e.g., `analyze_codebase`, `extract_to_translation`) accept file paths from user input, allowing an attacker to read arbitrary files on the system.
IMPACT: An attacker could read any file on the system that the process has access to, such as configuration files, source code, or credentials.
FIX: Validate that the provided file path is within the project root or a configured source directory. Use path resolution and ensure the resolved path starts with the allowed base directory.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/extract-to-translation.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:109 → src/tools/extract-to-translation.ts

src/server/mcp-tools.ts:109 → src/tools/extract-to-translation.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `extract_to_translation` tool is described as extracting a hardcoded string from a file and replacing it with a translation key. This implies writing to the file system. If the file path is not validated, an attacker could write to arbitrary files, potentially overwriting critical system files or injecting malicious code.
IMPACT: An attacker could overwrite any file the process has write access to, leading to code execution, data corruption, or privilege escalation.
FIX: Restrict file writes to the project's source directory. Validate that the resolved path is within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/cleanup-unused-translations.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:110 → src/tools/cleanup-unused-translations.ts

src/server/mcp-tools.ts:110 → src/tools/cleanup-unused-translations.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `cleanup_unused_translations` tool modifies translation files to remove unused keys. If the tool accepts user-provided file paths without validation, an attacker could delete content from arbitrary files or write to unintended locations.
IMPACT: An attacker could delete or corrupt translation files outside the intended scope, or write to arbitrary files.
FIX: Restrict file modifications to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/reorganize-translation-files.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:115 → src/tools/reorganize-translation-files.ts

src/server/mcp-tools.ts:115 → src/tools/reorganize-translation-files.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `reorganize_translation_files` tool rewrites translation files. If it accepts user-provided file paths without validation, an attacker could write to arbitrary files.
IMPACT: An attacker could overwrite any file the process has write access to.
FIX: Restrict file writes to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/add-translations.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:102 → src/tools/add-translations.ts

src/server/mcp-tools.ts:102 → src/tools/add-translations.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `add_translations` tool adds new translations to translation files. If it accepts user-provided file paths without validation, an attacker could write to arbitrary files.
IMPACT: An attacker could write arbitrary content to any file the process has write access to.
FIX: Restrict file writes to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/update-translation.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:104 → src/tools/update-translation.ts

src/server/mcp-tools.ts:104 → src/tools/update-translation.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `update_translation` tool updates existing translations. If it accepts user-provided file paths without validation, an attacker could write to arbitrary files.
IMPACT: An attacker could modify any file the process has write access to.
FIX: Restrict file writes to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/delete-translations.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:118 → src/tools/delete-translations.ts

src/server/mcp-tools.ts:118 → src/tools/delete-translations.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `delete_translation` tool deletes translation keys from files. If it accepts user-provided file paths without validation, an attacker could delete content from arbitrary files.
IMPACT: An attacker could delete or corrupt any file the process has write access to.
FIX: Restrict file modifications to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/validate-structure.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:113 → src/tools/validate-structure.ts

src/server/mcp-tools.ts:113 → src/tools/validate-structure.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `validate_structure` tool reads translation files to validate structure. If it accepts user-provided file paths without validation, an attacker could read arbitrary files.
IMPACT: An attacker could read any file on the system that the process has access to.
FIX: Restrict file reads to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/check-translation-integrity.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:114 → src/tools/check-translation-integrity.ts

src/server/mcp-tools.ts:114 → src/tools/check-translation-integrity.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `check_translation_integrity` tool reads translation files to check integrity. If it accepts user-provided file paths without validation, an attacker could read arbitrary files.
IMPACT: An attacker could read any file on the system that the process has access to.
FIX: Restrict file reads to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/generate-types.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:119 → src/tools/generate-types.ts

src/server/mcp-tools.ts:119 → src/tools/generate-types.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `generate_types` tool reads translation files to generate TypeScript types. If it accepts user-provided file paths without validation, an attacker could read arbitrary files.
IMPACT: An attacker could read any file on the system that the process has access to.
FIX: Restrict file reads to the configured translation directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/search-missing-translations.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:108 → src/tools/search-missing-translations.ts

src/server/mcp-tools.ts:108 → src/tools/search-missing-translations.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `search_missing_translations` tool reads source code files to find translation key usage. If it accepts user-provided file paths without validation, an attacker could read arbitrary files.
IMPACT: An attacker could read any file on the system that the process has access to.
FIX: Restrict file reads to the configured source directory. Validate that all file paths are within the allowed scope.
MEDIUM · 1 finding

// Source file not analyzed: src/tools/analyze-codebase.ts

// Finding inferred from import chain: src/server/mcp-tools.ts:107 → src/tools/analyze-codebase.ts

src/server/mcp-tools.ts:107 → src/tools/analyze-codebase.ts

// Local-only MCP, requires compromised LLM to exploit

EXPLAIN: The `analyze_codebase` tool reads source code files to find hardcoded strings. If it accepts user-provided file paths without validation, an attacker could read arbitrary files.
IMPACT: An attacker could read any file on the system that the process has access to.
FIX: Restrict file reads to the configured source directory. Validate that all file paths are within the allowed scope.
5/21/2026
Findings are produced by automated LLM analysis and may include false positives or miss issues. Verify independently before acting.