BACK TO SEARCH
n24q02m/imagine-mcpcritical
Production-grade MCP server for image and video understanding + generation across Gemini, OpenAI, and Grok.
This MCP server provides image and video understanding and generation across multiple AI providers (Gemini, OpenAI, Grok). It exposes tools to underst...
purpose: This MCP server provides image and video understanthreat: network exposed
RISK SCORE
0/ 100 risk
low findings+5
high findings+50
medium findings+45
capped at100
Indicators — descriptive signals, not vulnerabilities
dynamic-importsrc/imagine_mcp/__init__.py:5
dynamic-importsrc/imagine_mcp/server.py:8
These are automated indicators of code characteristics detected by regex pattern matching. They are informational, not security verdicts. Some patterns (e.g. telegram, crypto-wallet) may reflect legitimate functionality.
VULNERABILITY ANALYSIS · 6 findings in 4 blocks2 HIGH · 3 MEDIUM
HIGH2 findings
src/imagine_mcp/server.py:124
124 def understand(
125 media_urls: list[str],
126 prompt: str,
127 provider: str | None = None,
128 tier: str = "poor",
129 max_tokens: int = 2048,
130 ) -> dict[str, Any]:
131 """Understand image/video content with a prompt."""
132 if len(media_urls) > settings.max_media_urls:
133 raise ValueError(
134 f"Too many media_urls ({len(media_urls)}). "
135 f"Max: {settings.max_media_urls}."
136 )
137 return dispatch_understand(media_urls, prompt, provider, tier, max_tokens)HIGH2 findings
src/imagine_mcp/server.py:145
145 def generate(
146 media_type: Literal["image", "video"],
147 prompt: str,
148 provider: str | None = None,
149 tier: str = "poor",
150 reference_image_url: str | None = None,
151 job_id: str | None = None,
152 output_mode: Literal["base64", "path", "both"] = "both",
153 aspect_ratio: str = "16:9",
154 duration_seconds: int = 8,
155 ) -> dict[str, Any]:
156 """Generate image or video."""
157 return dispatch_generate(
158 media_type,
159 prompt,
160 provider,
161 tier,
162 reference_image_url,
163 job_id,
164 aspect_ratio,
165 duration_seconds,
166 )MEDIUM1 finding
src/imagine_mcp/server.py:168
168 @app.tool(
169 description=(
170 "Server config + credential setup (MERGED). Actions: "
171 "(relay) open_relay|relay_status|relay_skip|relay_reset|"
172 "relay_complete|warmup; (runtime) status|set|cache_clear."
173 ),
174 )
175 def config(
176 action: str,
177 key: str | None = None,
178 value: str | None = None,
179 ) -> dict[str, Any]:
180 """Server config and credential management."""
181 from imagine_mcp import relay_setup
182
183 match action:
184 case "open_relay":
185 import asyncio
186
187 result = asyncio.run(relay_setup.ensure_config(force=True))
188 if result is None:
189 return {
190 "status": "degraded",
191 "message": (
192 "No credentials loaded. Set MCP_RELAY_URL and retry, "
193 "or run the server in `http local relay mode` (default)."
194 ),
195 }
196 return {
197 "status": "saved",
198 "providers_configured": _providers_configured(),
199 }
200 case "relay_status":
201 _live_providers = _providers_configured_live()
202 return {
203 "status": "configured" if _live_providers else "pending",
204 "providers_configured": _live_providers,
205 }
206 case "relay_complete":
207 _live_providers = _providers_configured_live()
208 return {
209 "status": "saved" if _live_providers else "no_credentials",
210 "providers_configured": _live_providers,
211 }
212 case "relay_skip":
213 _env_providers = _providers_configured()
214 if not _env_providers:
215 return {
216 "status": "needs_setup",
217 "message": "No env vars set. Run config(action='open_relay') to configure via browser.",
218 }
219 return {
220 "status": "using_env",
221 "providers": _env_providers,
222 }
223 case "relay_reset":
224 return relay_setup.reset_credentials()
225 case "warmup":
226 return {
227 "status": "ok",
228 "message": "No heavy resources to warm up in v1.",
229 }
230 case "status":
231 return {
232 "version": _get_version(),
233 "credentials_state": _creds_state(),
234 "providers_configured": _providers_configured(),
235 "default_provider": settings.default_provider,
236 "default_tier": settings.default_tier,
237 "cache_ttl_seconds": settings.cache_ttl_seconds,
238 }
239 case "set":
240 return _set_runtime(key, value)
241 case "cache_clear":
242 from imagine_mcp.cache import ResponseCache
243
244 cache = ResponseCache(
245 path=Path(platformdirs.user_cache_dir("imagine-mcp")) / "cache",
246 default_ttl=settings.cache_ttl_seconds,
247 )
248 cache.clear()
249 return {"status": "ok", "message": "Cache cleared."}
250 case _:
251 return {
252 "status": "error",
253 "message": (
254 f"Unknown action {action!r}. Valid: open_relay|relay_status|"
255 "relay_skip|relay_reset|relay_complete|warmup|"
256 "status|set|cache_clear"
257 ),
258 }src/imagine_mcp/server.py:181
// Exploitable by any user with access to the MCP tools.
EXPLAINThe config tool exposes actions like 'set' that allow changing runtime settings (log_level, default_provider, etc.) and 'cache_clear' that deletes the cache. While these are intended, the tool also exposes credential management actions (open_relay, relay_reset) that could be abused to modify or reset credentials. The scope of the config tool is broader than necessary for typical users.
IMPACTAn attacker could change runtime settings to degrade service, reset credentials to cause denial of service, or clear caches to impact performance. Credential reset could lead to loss of access.
FIXRestrict config tool actions to only those necessary for the intended use case. Consider requiring authentication for sensitive actions like credential management.
LOW1 finding
src/imagine_mcp/server.py:186
186 case "open_relay":
187 import asyncio
188
189 result = asyncio.run(relay_setup.ensure_config(force=True))
190 if result is None:
191 return {
192 "status": "degraded",
193 "message": (
194 "No credentials loaded. Set MCP_RELAY_URL and retry, "
195 "or run the server in `http local relay mode` (default)."
196 ),
197 }
198 return {
199 "status": "saved",
200 "providers_configured": _providers_configured(),
201 }src/imagine_mcp/server.py:181
// Exploitable by any user with access to the MCP tools.
EXPLAINThe open_relay action calls relay_setup.ensure_config which may load credentials from a relay URL or environment. The response includes providers_configured which reveals which API keys are set. While not directly exposing the keys, this leaks information about configured providers.
IMPACTAn attacker can learn which cloud providers are configured, aiding in targeted attacks. This is low severity as it does not expose the keys themselves.
FIXAvoid returning provider configuration status in responses, or require authentication for such information.
◷ 6/9/2026
Findings are produced by automated LLM analysis and may include false positives or miss issues. Verify independently before acting.