MCP-INDEX
[ ⌘K ]
BACK TO SEARCH
RLabs-Inc/codebase-curatorcritical

A set of tools to use while coding using the Claude code cli. "smartgrep" is a grep-like tool that uses a semantic index of the codebase to provide Claudes with information tailored for how they think. Claudes love it! A "codebase-curator" Claude to assist the "developer" Claude in his coding tasks, together they implement fully integrated code.

Codebase Curator is an MCP server that provides a dedicated 'Curator Claude' to deeply analyze and understand a codebase, offering tools for codebase ...

purpose: Codebase Curator is an MCP server that provides a threat: local only
TypeScript · 8 · May 21, 2026 · May 22, 2026 · GITHUB ↗
RISK SCORE
0/ 100 risk
low findings+5
medium findings+105
capped at100
VULNERABILITY ANALYSIS · 8 findings in 8 blocks0 HIGH · 7 MEDIUM
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:365
365curator.setProjectPath(args?.path as string)
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe path parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the path input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:257
257const result = await curator.getOverview(
258  args?.projectPath as string,
259  args?.newSession as boolean
260)
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:275
275const response = await curator.askCurator({
276  question: question,
277  projectPath: args?.projectPath as string,
278  newSession: args?.newSession as boolean,
279})
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:294
294const result = await curator.addNewFeature({
295  feature: feature,
296  projectPath: args?.projectPath as string,
297})
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:315
315const result = await curator.implementChange({
316  change: change,
317  projectPath: args?.projectPath as string,
318  scope: args?.scope as string[],
319})
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:330
330const result = await curator.getCuratorMemory(
331  args?.projectPath as string
332)
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
MEDIUM1 finding
src/mcp-servers/codebase-curator/server.ts:341
341await curator.clearSession(args?.projectPath as string)
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe projectPath parameter is passed directly from user input to the curator service without any validation or sanitization. This could allow path traversal attacks if the curator service uses this path to read files or navigate the file system.
IMPACTAn attacker could potentially read arbitrary files or directories outside the intended project scope by providing paths like '../../etc/passwd' or absolute paths.
FIXValidate and sanitize the projectPath input. Use path.resolve() to get an absolute path and ensure it is within an allowed base directory. Reject paths containing '..' or symbolic links that escape the intended scope.
LOW1 finding
src/mcp-servers/codebase-curator/server.ts:392
392const lines = (args?.lines as number) || 50
src/mcp-servers/codebase-curator/server.ts:14

// Local-only MCP, requires compromised LLM to exploit

EXPLAINThe 'lines' parameter is not validated. An attacker could provide a very large number, causing the server to read and return a huge amount of log data, potentially leading to memory exhaustion or denial of service.
IMPACTAn attacker could cause the server to consume excessive memory by requesting a large number of log lines, potentially leading to denial of service.
FIXValidate the 'lines' parameter to ensure it is a positive integer within a reasonable range (e.g., 1-1000).
5/22/2026
Findings are produced by automated LLM analysis and may include false positives or miss issues. Verify independently before acting.