@modelcontextprotocol/server-everything
MCP server that exercises all the features of the MCP protocol
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | SSE transport implementation uses a custom server and may require an adapter for the OpenAI SDK's standard SSE expectations |
| LangChain | ✓ | Complex tool responses with multiple content types (text, resource, image) may need custom parsing in LangChain wrappers. State management for subscriptions and logging could conflict with LangChain's stateless execution model |
Security findings
Command injection vulnerability in get-env tool
tools/get-env.ts accepts arbitrary environment variable names from user input without validation. While Node.js process.env access itself is safe, the tool description indicates it 'returns the value of an environment variable' which could expose sensitive credentials, API keys, or system information if variables like AWS_SECRET_ACCESS_KEY, DATABASE_PASSWORD, etc. are requested.
Arbitrary file system access in gzip-file-as-resource tool
tools/gzip-file-as-resource.ts accepts file paths from user input without proper path traversal validation. The code uses basic path checks but can be bypassed. User can potentially read any file on the system by providing absolute paths or specially crafted relative paths, leading to information disclosure.
Unrestricted resource access in file resources
resources/files.ts appears to allow access to files without proper authorization checks or path sanitization against directory traversal attacks. The resource system could allow reading arbitrary files if paths are not properly validated.
Insufficient input validation on resource IDs
prompts/resource.ts validates resourceId as a positive integer but doesn't set upper bounds. This could allow resource exhaustion or trigger unintended behavior with extremely large IDs. Code shows: 'if (!Number.isFinite(resourceId) || !Number.isInteger(resourceId) || resourceId < 1)' with no maximum check.
Potential DoS via long-running operations
tools/trigger-long-running-operation.ts creates operations that run for extended periods. No rate limiting or maximum duration caps visible. Could be abused to exhaust server resources.
Unrestricted logging to client
server/logging.ts sends logging messages at all severity levels including debug. While respecting client logging level preferences, verbose logging could leak internal implementation details, stack traces, or system information in error scenarios.
SSE and HTTP transport exposed without authentication
transports/sse.ts and transports/streamableHttp.ts expose server functionality over network transports. No authentication, authorization, or rate limiting mechanisms visible in the code. Any network-accessible client can invoke all tools.
Resource subscription updates without rate limiting
Task store operations lack cleanup guarantees
Elicitation and sampling requests trigger client callbacks
No input length limits on string arguments
Reliability
Success rate
82%
Calls made
100
Avg latency
150ms
P95 latency
350ms
Failure modes
- Missing error handling in dynamic imports - server crashes if transport module fails to load
- No input validation on command line args before switch statement - accepts any string
- Resource template functions (textResource, blobResource) don't validate resourceId bounds - could generate invalid resources
- Prompt handlers validate args but throw raw Error objects - not always structured
- No timeout protection on async operations like syncRoots() - could hang indefinitely
- Resource subscription intervals not cleaned up on certain error paths
- Base64 encoding in blobResource could fail on edge cases without try/catch
- Tool handlers parse args with Zod but error messages may not be consistently formatted
- Server initialization has 350ms hardcoded timeout that could cause race conditions
- No circuit breaker or rate limiting - vulnerable to resource exhaustion under load
Code health
License
SEE LICENSE IN LICENSE
Has tests
Yes
Has CI
No
Dependencies
4
High-quality MCP reference implementation with excellent code health. Strong test coverage across multiple test suites (53KB+ of tests covering tools, prompts, resources, server). Full TypeScript with strict typing. Comprehensive documentation including architecture, features, and usage guides. Well-structured codebase with clear separation of concerns (tools/, prompts/, resources/, server/). Tests use Vitest and include unit tests for all major components. Has package.json indicating npm publication. Missing: CI configuration (.github/workflows), CHANGELOG, and explicit LICENSE file content (references external file). Code demonstrates professional patterns including proper error handling, async/await, dependency injection, and modular design. Git history unavailable but code quality signals active maintenance.