AgentAudit Security Report
Package: answerlink/MCP-Workspace-Server v0.2.0
Risk Score: 10/100 (safe)
Report ID: #444
Findings
1. Silent fallback disables network isolation for executed code (MEDIUM)
- File:
mcp_filesystem/command/executor.py:133
- Description: When unshare is unavailable, network isolation silently falls back to disabled. Executed Python code then has full network access.
- Remediation: Fail closed or surface isolation status prominently.
2. Path allowlist uses string prefix check vulnerable to sibling directory bypass (MEDIUM)
- File:
mcp_filesystem/security.py:136
- Description: startswith() check without path separator boundary allows sibling directory bypass.
- Remediation: Use is_relative_to() or append os.sep before startswith check.
Automated security audit by AgentAudit
AgentAudit Security Report
Package: answerlink/MCP-Workspace-Server v0.2.0
Risk Score: 10/100 (safe)
Report ID: #444
Findings
1. Silent fallback disables network isolation for executed code (MEDIUM)
mcp_filesystem/command/executor.py:1332. Path allowlist uses string prefix check vulnerable to sibling directory bypass (MEDIUM)
mcp_filesystem/security.py:136Automated security audit by AgentAudit