Draw Things
Integrates with the Draw Things API to convert text prompts or JSON inputs into JSON-RPC requests, enabling AI image generation capabilities with automatic saving and error handling.
0Tools
19Findings
13Stars
Mar 22, 2026Last Scanned
6 critical · 12 high · 1 low findings detected
Security Category Deep Dive
Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
100%4 rules
Hidden instructions via external content and tool responses
100%2 rules
Context window saturation and prior-approval exploitation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
100%2 rules
Injection via prompt templates and runtime tool output
Findings19
6critical
12high
1low
Critical6
criticalQ11Code Suggestion Poisoning via MCPMCP01-prompt-injectionAML.T0054.001
Pattern "(?:suggest|generate|complete|insert).*(?:code|function|class|import|require)" matched in source_code: "generated-image-${timestamp}.png`;const defaultImagesDir=path.resolve(projectRoot,"..","images");const finalOutputPath=outputPath||path.join(defaultImagesDir,defaultFileName);const imagesDir=path.dirname(finalOutputPath);if(!fs.existsSync(imagesDir)){await fs.promises.mkdir(imagesDir,{recursive:true});}const cleanBase64=base64Data.replace(/^data:image\/\w+;base64,/,"");const buffer=Buffer.from(cleanBase64,"base64");const absolutePath=path.resolve(finalOutputPath);await fs.promises.writeFile(absolutePath,buffer);return absolutePath}catch(error){console.error(`Failed to save image: ${error instanceof Error?error.message:String(error)}`);if(error instanceof Error){console.error(error.stack||"No stack trace available");}throw error}}getDefaultParams(){return defaultParams}async generateImage(inputParams={}){try{let params={};try{const validationResult=validateImageGenerationParams(inputParams);if(validationResult.valid){params=inputParams;}else {console.error("parameter validation failed, use default params");}}catch(error){console.error("parameter validation error:",error);}if(params.random_string&&(!params.prompt||Object.keys(params).length===1)){params.prompt=params.random_string;delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath,metadata:{alt:`Image generated from prompt: ${requestParams.prompt}`,inference_time_ms:endTime-startTime}}}catch(error){console.error("image generation error:",error);let errorMessage="unknown error";if(error instanceof Error){errorMessage=error.message;}const axiosError=error;if(axiosError.response){var _axiosError_response_data;errorMessage=`API error: ${axiosError.response.status} - ${((_axiosError_response_data=axiosError.response.data)===null||_axiosError_response_data===void 0?void 0:_axiosError_response_data.error)||axiosError.message}`;}else if(axiosError.code==="ECONNREFUSED"){errorMessage="cannot connect to Draw Things API. please ensure Draw Things is running and API is enabled.";}else if(axiosError.code" (at position 4415)
MCP tool outputs flowing into IDE code suggestion contexts must be sanitized. Implement output content policies that: (1) strip hidden Unicode characters (zero-width, RTL override, tag characters), (2) detect embedded instructions targeting AI code assistants, (3) validate code blocks against security patterns before they enter the suggestion pipeline, (4) never include shell commands in tool outputs without explicit [COMMAND] markers visible to the user. Reference: IDEsaster (Dec 2025), arXiv 2509.22040.
criticalC1Command InjectionMCP03-command-injectionAML.T0054
Pattern "`[^`]+`" matched in source_code: "`Updated API base URL to: ${url}`" (at position 3675)
Replace exec()/execSync() with execFile() and pass arguments as an array, never as a string. Validate all inputs against an allowlist before use in any shell context. For subprocess.run, always pass a list and shell=False.
criticalQ13MCP Bridge Package Supply Chain AttackMCP10-supply-chainAML.T0054
Pattern "["']@modelcontextprotocol/sdk["']\s*:\s*["'](?:\^|~|\*|latest)" matched in source_code: ""@modelcontextprotocol/sdk": "^" (at position 23033)
MCP bridge packages (mcp-remote, mcp-proxy, @modelcontextprotocol/sdk, fastmcp) are high-value supply chain targets — CVE-2025-6514 (CVSS 9.6) in mcp-remote affected 437,000+ installs. Always pin exact versions (no ^ or ~ ranges). Use lockfiles (package-lock.json, pnpm-lock.yaml, uv.lock). Never run `npx mcp-remote` without version pinning. Verify package integrity with `npm audit` or `pip-audit` before deployment. Reference: CVE-2025-6514, OWASP ASI04.
criticalL7Transitive MCP Server DelegationMCP06-excessive-permissionsAML.T0054
Pattern "(?:connect|initialize).*(?:mcp|modelcontextprotocol).*(?:server|endpoint|url)" matched in source_code: "ConnectionInfo();log("Initializing Draw Things MCP service");log("Checking Draw Things API connection before starting service...");const apiPort=process.env.DRAW_THINGS_API_PORT||7888;const isApiConnected=await drawThingsService.checkApiConnection();if(!isApiConnected){log("\nFAILED TO CONNECT TO DRAW THINGS API");log("Please make sure Draw Things is running and the API is enabled.");log("The service will continue running, but image generation will not work until the API is available.\n");}else {log("\nSUCCESSFULLY CONNECTED TO DRAW THINGS API");log("The service is ready to generate images.\n");drawThingsService.setBaseUrl(`http://127.0.0.1:${apiPort}`);}log("Creating transport and connecting server...");const transport=new StdioServerTransport;log("Connecting server to transport...");await server.connect(transport);log("MCP Server started successfully!");}catch(error){log(`Error in main program: ${error instanceof Error?error.message:String(error)}`);await logError(error);}}main().catch(async error=>{log("server" (at position 12505)
MCP servers MUST NOT create client connections to other MCP servers without explicit user disclosure. If delegation is required, declare all downstream servers in the server's capabilities and tool descriptions. Never forward user credentials to sub-servers. Implement a trust boundary between the approved server and any delegated servers. Log all transitive delegations for audit.
criticalL9CI/CD Secret Exfiltration PatternsMCP07-insecure-configAML.T0057
Pattern "(?:console\.log|print|echo|puts).*(?:process\.env|os\.environ|\$\{?(?:NPM_TOKEN|NODE_AUTH_TOKEN|GITHUB_TOKEN|AWS_ACCESS|DATABASE_URL|ANTHROPIC_API_KEY))" matched in source_code: "printConnectionInfo();log("Initializing Draw Things MCP service");log("Checking Draw Things API connection before starting service...");const apiPort=process.env" (at position 12500)
Never print, log, or transmit CI environment variables containing secrets. Use GitHub Actions '::add-mask::' to prevent accidental secret exposure in logs. Audit all third-party Actions for secret access patterns. Use OIDC tokens instead of long-lived secrets where possible. Restrict secret access to specific workflow jobs and steps. Monitor CI logs for base64-encoded strings.
criticalQ3Localhost MCP Service HijackingMCP07-insecure-configT1557
Pattern "(?:StdioServerTransport|stdio[_\s]?transport).*(?:new|create)(?!.*(?:auth|validate|verify))" matched in source_code: "StdioServerTransport;log("Connecting server to transport...");await server.connect(transport);log("MCP Server started successfully!");}catch(error){log(`Error in main program: ${error instanceof Error?error.message:String(error)}`);await logError(error);}}main().catch(async error=>{log("server.log",`${new" (at position 13239)
MCP servers binding to localhost must: (1) validate the Host header to prevent DNS rebinding attacks (CVE-2025-49596), (2) set strict CORS origins instead of wildcard '*', (3) require authentication tokens even for local connections, (4) use random high ports instead of predictable defaults. For stdio transport, validate all input at the JSON-RPC level before processing. Consider using Docker MCP Gateway or similar container isolation.
High12
highK1Absent Structured LoggingMCP09-logging-monitoringAML.T0054
Pattern "console\.(log|warn|error)\s*\(.*(?:tool|request|handler|execute|invoke)" matched in source_code: "console.error(`Updated API base URL to: ${url}`);}async checkApiConnection(){try{console.error(`Checking API connection to: ${this.baseUrl}`);const response=await this.axios.get("/sdapi/v1/options",{timeout:5e3,validateStatus:status=>status>=200});const isConnected=response.status>=200;console.error(`API connection check: ${isConnected?"Success":"Failed"}`);return isConnected}catch(error){console.error(`API connection check failed: ${error.message}`);return false}}async saveImage({base64Data,outputPath,fileName}){const __filename=fileURLToPath(import.meta.url);const __dirname=path.dirname(__filename);const projectRoot=path.resolve(__dirname,"..");try{const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=fileName||`generated-image-${timestamp}.png`;const defaultImagesDir=path.resolve(projectRoot,"..","images");const finalOutputPath=outputPath||path.join(defaultImagesDir,defaultFileName);const imagesDir=path.dirname(finalOutputPath);if(!fs.existsSync(imagesDir)){await fs.promises.mkdir(imagesDir,{recursive:true});}const cleanBase64=base64Data.replace(/^data:image\/\w+;base64,/,"");const buffer=Buffer.from(cleanBase64,"base64");const absolutePath=path.resolve(finalOutputPath);await fs.promises.writeFile(absolutePath,buffer);return absolutePath}catch(error){console.error(`Failed to save image: ${error instanceof Error?error.message:String(error)}`);if(error instanceof Error){console.error(error.stack||"No stack trace available");}throw error}}getDefaultParams(){return defaultParams}async generateImage(inputParams={}){try{let params={};try{const validationResult=validateImageGenerationParams(inputParams);if(validationResult.valid){params=inputParams;}else {console.error("parameter validation failed, use default params");}}catch(error){console.error("parameter validation error:",error);}if(params.random_string&&(!params.prompt||Object.keys(params).length===1)){params.prompt=params.random_string;delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath,metadata:{alt:`Image generated from prompt: ${request" (at position 3661)
Implement structured logging (pino, winston, or equivalent) for all tool call handlers. Every tool invocation should log: timestamp, tool name, caller identity, parameters (sanitized), result status, and duration. Required by ISO 27001 A.8.15, CoSAI MCP-T12, and NIST AI RMF MEASURE 2.6.
highK11Missing Server Integrity VerificationMCP10-supply-chainAML.T0054
Pattern "(connect|load|register|add)[_\s-]?(mcp|server|tool)(?!.*(?:verify|validate|checksum|hash|sign|cert|fingerprint|pin))" matched in source_code: "connect server" (at position 21731)
Implement cryptographic verification for MCP server connections: (1) Pin server TLS certificates or public keys, (2) Verify server tool definition checksums against a known-good manifest, (3) Use package manager integrity checks (npm integrity, pip --require-hashes). The MCP spec recommends but doesn't yet mandate server signing — implement it proactively. Required by ISO 27001 A.8.24 and CoSAI MCP-T6.
highK13Unsanitized Tool OutputMCP02-tool-poisoningAML.T0054
Pattern "(?:readFile|read_file|open).*(?:return|respond|result|content|text)(?!.*(?:sanitize|escape|encode|strip|filter|validate|truncate))" matched in source_code: "open_clip_g:false,hires_fix_height:960,decoding_tile_width:640,diffusion_tile_height:1024,num_frames:14,stage_2_guidance:1,t5_text_encoder_decoding:true,mask_blur_outset:0,resolution_dependent_shift:true,model:"flux_1_schnell_q5p.ckpt",hires_fix:false,strength:1,loras:[],diffusion_tile_width:1024,diffusion_tile_overlap:128,original_width:512,seed:-1,zero_negative_prompt:false,upscaler_scale:0,steps:8,upscaler:null,mask_blur:1.5,sampler:"DPM++ 2M AYS",width:320,negative_original_width:512,batch_count:1,refiner_model:null,shift:1,stage_2_shift:1,open_clip_g_text:null,crop_left:0,controls:[],start_frame_guidance:1,original_height:512,image_prior_steps:5,guiding_frame_noise:.019999999552965164,clip_weight:1,clip_skip:1,crop_top:0,negative_original_height:512,preserve_original_after_inpaint:true,separate_clip_l:false,guidance_embed:3.5,negative_aesthetic_score:2.5,aesthetic_score:6,clip_l_text:null,hires_fix_strength:.699999988079071,guidance_scale:7.5,stochastic_sampling_gamma:.3,seed_mode:"Scale Alike",target_width:512,hires_fix_width:960,tiled_diffusion:false,fps:5,refiner_start:.8500000238418579,height:512,prompt:"A cute koala sitting on a eucalyptus tree, watercolor style, beautiful lighting, detailed",negative_prompt:"deformed, distorted, unnatural pose, extra limbs, blurry, low quality, ugly, bad anatomy, poor details, mutated, text" (at position 561)
Sanitize all external data before including in tool responses. Implement output encoding that neutralizes prompt injection patterns. Truncate excessively long content. Validate structure before passing database results. Apply the principle: treat all external data as untrusted, even in tool outputs. Required by CoSAI MCP-T4.
highK16Unbounded Recursion / Missing Depth LimitsMCP07-insecure-configAML.T0054
Pattern "function\s+(\w+).*\{[^}]*\1\s*\((?!.*(?:depth|level|limit|max|count|recursi))" matched in source_code: "function _define_property(obj,key,value){if(key in obj){Object.defineProperty(obj,key,{value:value,enumerable:true,configurable:true,writable:true});}else {obj[key]=value;}return obj}class DrawThingsService{setBaseUrl(url){this.baseUrl=url;this.axios.defaults.baseURL=url;console.error(`Updated API base URL to: ${url}`);}async checkApiConnection(){try{console.error(`Checking API connection to: ${this.baseUrl}`);const response=await this.axios.get("/sdapi/v1/options",{timeout:5e3,validateStatus:status=>status>=200});const isConnected=response.status>=200;console.error(`API connection check: ${isConnected?"Success":"Failed"}`);return isConnected}catch(error){console.error(`API connection check failed: ${error.message}`);return false}}async saveImage({base64Data,outputPath,fileName}){const __filename=fileURLToPath(import.meta.url);const __dirname=path.dirname(__filename);const projectRoot=path.resolve(__dirname,"..");try{const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=fileName||`generated-image-${timestamp}.png`;const defaultImagesDir=path.resolve(projectRoot,"..","images");const finalOutputPath=outputPath||path.join(defaultImagesDir,defaultFileName);const imagesDir=path.dirname(finalOutputPath);if(!fs.existsSync(imagesDir)){await fs.promises.mkdir(imagesDir,{recursive:true});}const cleanBase64=base64Data.replace(/^data:image\/\w+;base64,/,"");const buffer=Buffer.from(cleanBase64,"base64");const absolutePath=path.resolve(finalOutputPath);await fs.promises.writeFile(absolutePath,buffer);return absolutePath}catch(error){console.error(`Failed to save image: ${error instanceof Error?error.message:String(error)}`);if(error instanceof Error){console.error(error.stack||"No stack trace available");}throw error}}getDefaultParams(){return defaultParams}async generateImage(inputParams={}){try{let params={};try{const validationResult=validateImageGenerationParams(inputParams);if(validationResult.valid){params=inputParams;}else {console.error("parameter validation failed, use default params");}}catch(error){console.error("parameter validation error:",error);}if(params.random_string&&(!params.prompt||Object.keys(params).length===1)){params.prompt=params.random_string;delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath,metadata:{alt:`Image generated from prompt: ${requestParams.prompt}`,inference_time_ms:endTime-startTime}}}catch(error){console.error("image generation error:",error);let errorMessage="unknown error";if(error instanceof Error){errorMessage=error.message;}const axiosError=error;if(axiosError.response){var _axiosError_response_data;errorMessage=`API error: ${axiosError.response.status} - ${((_axiosError_response_data=axiosError.response.data)===null||_axiosError_response_data===void 0?void 0:_axiosError_response_data.error)||axiosError.message}`;}else if(axiosError.code==="ECONNREFUSED"){errorMessage="cannot connect to Draw Things API. please ensure Draw Things is running and API is enabled.";}else if(axiosError.code==="ETIMEDOUT"){errorMessage="connection to Draw Things API timeout. image generation may take longer, or API not responding.";}return {isError:true,errorMessage}}}constructor(apiUrl="http://127.0.0.1:7888"){_define_property(this,"baseUrl",void 0);_define_property(" (at position 3389)
Add explicit depth/recursion limits to all recursive operations. Use iterative approaches where possible. Set maximum depth for directory walking (max_depth=10), tree traversal (max_level=20), and agent re-invocation (max_calls=5). Implement circuit breakers that halt after N iterations. Required by EU AI Act Art. 15 (robustness) and OWASP ASI08.
highK18Cross-Trust-Boundary Data Flow in Tool ResponseMCP04-data-exfiltrationAML.T0054
Pattern "(?:process\.env|os\.environ|config|settings).*(?:fetch|axios|http|post|send|webhook)" matched in source_code: "configurable:true,writable:true});}else {obj[key]=value;}return obj}class DrawThingsService{setBaseUrl(url){this.baseUrl=url;this.axios.defaults.baseURL=url;console.error(`Updated API base URL to: ${url}`);}async checkApiConnection(){try{console.error(`Checking API connection to: ${this.baseUrl}`);const response=await this.axios.get("/sdapi/v1/options",{timeout:5e3,validateStatus:status=>status>=200});const isConnected=response.status>=200;console.error(`API connection check: ${isConnected?"Success":"Failed"}`);return isConnected}catch(error){console.error(`API connection check failed: ${error.message}`);return false}}async saveImage({base64Data,outputPath,fileName}){const __filename=fileURLToPath(import.meta.url);const __dirname=path.dirname(__filename);const projectRoot=path.resolve(__dirname,"..");try{const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=fileName||`generated-image-${timestamp}.png`;const defaultImagesDir=path.resolve(projectRoot,"..","images");const finalOutputPath=outputPath||path.join(defaultImagesDir,defaultFileName);const imagesDir=path.dirname(finalOutputPath);if(!fs.existsSync(imagesDir)){await fs.promises.mkdir(imagesDir,{recursive:true});}const cleanBase64=base64Data.replace(/^data:image\/\w+;base64,/,"");const buffer=Buffer.from(cleanBase64,"base64");const absolutePath=path.resolve(finalOutputPath);await fs.promises.writeFile(absolutePath,buffer);return absolutePath}catch(error){console.error(`Failed to save image: ${error instanceof Error?error.message:String(error)}`);if(error instanceof Error){console.error(error.stack||"No stack trace available");}throw error}}getDefaultParams(){return defaultParams}async generateImage(inputParams={}){try{let params={};try{const validationResult=validateImageGenerationParams(inputParams);if(validationResult.valid){params=inputParams;}else {console.error("parameter validation failed, use default params");}}catch(error){console.error("parameter validation error:",error);}if(params.random_string&&(!params.prompt||Object.keys(params).length===1)){params.prompt=params.random_string;delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath,metadata:{alt:`Image generated from prompt: ${requestParams.prompt}`,inference_time_ms:endTime-startTime}}}catch(error){console.error("image generation error:",error);let errorMessage="unknown error";if(error instanceof Error){errorMessage=error.message;}const axiosError=error;if(axiosError.response){var _axiosError_response_data;errorMessage=`API error: ${axiosError.response.status} - ${((_axiosError_response_data=axiosError.response.data)===null||_axiosError_response_data===void 0?void 0:_axiosError_response_data.error)||axiosError.message}`;}else if(axiosError.code==="ECONNREFUSED"){errorMessage="cannot connect to Draw Things API. please ensure Draw Things is running and API is enabled.";}else if(axiosError.code==="ETIMEDOUT"){errorMessage="connection to Draw Things API timeout. image generation may take longer, or API not responding.";}return {isError:true,errorMessage}}}constructor(apiUrl="http://127.0.0.1:7888"){_define_property(this,"baseUrl",void 0);_define_property(this,"axios",void 0);this.baseUrl=apiUrl;this.axios=axios" (at position 3504)
Implement data flow taint tracking: tag data from sensitive sources (databases, credentials, files) and prevent it from flowing to external sinks (HTTP, webhooks, email) without explicit sanitization/redaction. Apply data classification and enforce boundary controls per trust level. Required by ISO 27001 A.5.14 and CoSAI MCP-T5.
highQ14Concurrent MCP Server Race ConditionMCP07-insecure-configT1068
Pattern "(?:read|write|modify|delete).*(?:file|path|directory)(?!.*(?:lock|mutex|semaphore|flock|atomic))" matched in source_code: "writeFile(absolutePath,buffer);return absolutePath}catch(error){console.error(`Failed to save image: ${error instanceof Error?error.message:String(error)}`);if(error instanceof Error){console.error(error.stack||"No stack trace available");}throw error}}getDefaultParams(){return defaultParams}async generateImage(inputParams={}){try{let params={};try{const validationResult=validateImageGenerationParams(inputParams);if(validationResult.valid){params=inputParams;}else {console.error("parameter validation failed, use default params");}}catch(error){console.error("parameter validation error:",error);}if(params.random_string&&(!params.prompt||Object.keys(params).length===1)){params.prompt=params.random_string;delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath" (at position 4901)
MCP servers sharing filesystem or database backends with other servers must implement proper concurrency controls. Use: (1) file locking (flock/lockfile) for filesystem operations, (2) database transactions for all read-modify-write sequences, (3) atomic file operations (O_EXCL, mkdtemp) instead of check-then-create, (4) lstat() to detect symlinks before following (CVE-2025-53109). Never assume exclusive access to shared resources — other MCP servers may be operating concurrently.
highK19Missing Runtime Sandbox EnforcementMCP07-insecure-configAML.T0054
Pattern "(run[_\s-]?as[_\s-]?root|EUID.*0|uid.*0)(?!.*(?:drop|setuid|seteuid|change.?user))" matched in source_code: "uidance_embed:true,motion_scale:127,image_guidance:1.5,tiled_decoding:false,decoding_tile_height:640,negative_prompt_for_image_prior:true,batch_size:1,decoding_tile_overlap:128,separate_open_clip_g:false,hires_fix_height:960,decoding_tile_width:640,diffusion_tile_height:1024,num_frames:14,stage_2_guidance:1,t5_text_encoder_decoding:true,mask_blur_outset:0,resolution_dependent_shift:true,model:"flux_1_schnell_q5p.ckpt",hires_fix:false,strength:1,loras:[],diffusion_tile_width:1024,diffusion_tile_overlap:128,original_width:512,seed:-1,zero_negative_prompt:false,upscaler_scale:0,steps:8,upscaler:null,mask_blur:1.5,sampler:"DPM++ 2M AYS",width:320,negative_original_width:512,batch_count:1,refiner_model:null,shift:1,stage_2_shift:1,open_clip_g_text:null,crop_left:0,controls:[],start_frame_guidance:1,original_height:512,image_prior_steps:5,guiding_frame_noise:.019999999552965164,clip_weight:1,clip_skip:1,crop_top:0,negative_original_height:512,preserve_original_after_inpaint:true,separate_clip_l:false,guidance_embed:3.5,negative_aesthetic_score:2.5,aesthetic_score:6,clip_l_text:null,hires_fix_strength:.699999988079071,guidance_scale:7.5,stochastic_sampling_gamma:.3,seed_mode:"Scale Alike",target_width:512,hires_fix_width:960,tiled_diffusion:false,fps:5,refiner_start:.8500000" (at position 375)
Run MCP servers in sandboxed containers with: (1) No --privileged flag, (2) Minimal Linux capabilities (drop ALL, add only needed), (3) Read-only root filesystem, (4) Non-root user, (5) Seccomp/AppArmor profiles enabled, (6) No host mounts except data volumes. CoSAI warns containers alone are insufficient — add seccomp profiles. Required by CoSAI MCP-T8 and ISO 27001 A.8.22.
highK4Missing Human Confirmation for Destructive OpsMCP06-excessive-permissionsAML.T0054
Pattern "(delete|remove|drop|truncate|destroy|purge|wipe|erase).*(?:execute|run|perform|call)(?!.*(?:confirm|approve|prompt|ask|verify|consent))" matched in source_code: "delete params.random_string;}if(!params.prompt){params.prompt=inputParams.prompt||defaultParams.prompt;}var _params_seed;const requestParams={...defaultParams,...params,seed:(_params_seed=params.seed)!==null&&_params_seed!==void 0?_params_seed:Math.floor(Math.random()*0x7fffffff)};console.error(`use prompt: "${requestParams.prompt}"`);console.error("send request to Draw Things API...");const response=await this.axios.post("/sdapi/v1/txt2img",requestParams);if(!response.data||!response.data.images||response.data.images.length===0){throw new Error("API did not return image data")}const imageData=response.data.images[0];const formattedImageData=imageData.startsWith("data:image/")?imageData:`data:image/png;base64,${imageData}`;console.error("image generation success");const startTime=Date.now()-2e3;const endTime=Date.now();const timestamp=new Date().toISOString().replace(/[:.]/g,"-");const defaultFileName=`generated-image-${timestamp}.png`;const imagePath=await this.saveImage({base64Data:formattedImageData,fileName:defaultFileName});return {isError:false,imageData:formattedImageData,imagePath:imagePath,metadata:{alt:`Image generated from prompt: ${requestParams.prompt}`,inference_time_ms:endTime-startTime}}}catch(error){console.error("image generation error:",error);let errorMessage="unknown error";if(error instanceof Error){errorMessage=error.message;}const axiosError=error;if(axiosError.response){var _axiosError_response_data;errorMessage=`API error: ${axiosError.response.status} - ${((_axiosError_response_data=axiosError.response.data)===null||_axiosError_response_data===void 0?void 0:_axiosError_response_data.error)||axiosError.message}`;}else if(axiosError.code==="ECONNREFUSED"){errorMessage="cannot connect to Draw Things API. please ensure Draw Things is run" (at position 5613)
All destructive operations (delete, drop, overwrite, send) MUST include a human confirmation step. Use the MCP destructiveHint annotation to signal that client-side confirmation is required. Implement an approval gate pattern: preview changes → request confirmation → execute. Required by ISO 42001 A.9.1, EU AI Act Art. 14, and NIST AI RMF GOVERN 1.7.
highM7Tool Response Structure BombASI08-agentic-dosAML.T0054
Pattern "(\+\=|concat|push|append).*\1.*\1" matched in source_code: "push("prompt must be a string");}if(params.negative_prompt!==undefined&&typeof params.negative_prompt!=="string"){errors.push("negative_prompt must be a string");}if(params.width!==undefined&&(typeof params.width!=="number"||params.width<=0||!Number.isInteger(params.width))){errors.push("width must be a positive integer");}if(params.height!==undefined&&(typeof params.height!=="number"||params.height<=0||!Number.isInteger(params.height))){errors.push("height must be a positive integer");}if(params.steps!==undefined&&(typeof params.steps!=="number"||params.steps<=0||!Number.isInteger(params.steps))){errors.push("steps must be a positive integer");}if(params.seed!==undefined&&(typeof params.seed!=="number"||!Number.isInteger(params.seed))){errors.push("seed must be an integer");}if(params.guidance_scale!==undefined&&(typeof params.guidance_scale!=="number"||params.guidance_scale<=0)){errors.push("guidance_scale must be a positive number");}if(params.model!==undefined&&typeof params.model!=="string"){errors.push("model must be a string");}if(params.sampler!==undefined&&typeof params.sampler!=="string"){errors.push("sampler must be a string");}if(params.random_string!==undefined&&typeof params.random_string!=="string"){errors.push" (at position 2066)
Implement response size limits and nesting depth caps for all tool responses. Never construct responses with programmatic deep nesting or exponential expansion. CVE-2026-25048 demonstrated that nested structures can exhaust parser stacks in LLM pipelines. Set maximum response size (e.g., 100KB), maximum JSON nesting depth (e.g., 20 levels), and maximum array length. Use streaming for large responses rather than constructing them in memory.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "@modelcontextprotocol/sdk@1.7.0" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "axios@1.8.0" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "rollup@4.34.9" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
Low1
lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.