Skip to content

MCP Audit: Security & Quality improvements for Docker MCP ServerΒ #28

Description

@scotia1973-bot

I ran your MCP server through our automated audit tool β€” here are the results.

πŸ”¬ MCP Audit Report β€” docker-mcp

βœ… Strengths

  • Clean, readable code structure with good separation of concerns
  • Cross-platform support (Windows/Linux/macOS)
  • Proper timeout handling and async operations
  • Good error handling with debug info
  • Clean YAML processing with safe_load

⚠️ Issues Found

1. Potential Command Injection via Project Name (Security - High)

File: src/docker_mcp/docker_executor.py (line 80)

The project_name is interpolated directly into a shell command string without sanitization on Windows. The Unix path uses subprocess_exec which avoids shell injection, but the Windows path is vulnerable.

Recommendation: Sanitize project_name to alphanumeric + hyphens, or use subprocess_exec on Windows too.

2. Module-Level Singleton Docker Client

File: src/docker_mcp/handlers.py (line 9)

A global Docker client is created at module import time. This makes testing difficult.

Recommendation: Create the DockerClient lazily or pass it to DockerHandlers.

3. Sensitive Data Leaked in Error Messages (Security - Medium)

File: src/docker_mcp/server.py (line 167)

Error responses include the full arguments dict, which can contain environment variables (DB_PASSWORD, API_KEY).

Recommendation: Redact environment fields from error responses.

4. Debug Information Exposed in All Responses

Every response includes debug info (internal paths, file locations, commands run).

Recommendation: Add a DEBUG env var flag to control debug output.

5. Unused Imports

File: src/docker_mcp/handlers.py (line 7)

Tool, Prompt, PromptArgument, GetPromptResult, and PromptMessage are imported but never used.

Recommendation: Remove the unused imports.

6. No Container Name Conflict Check

handle_create_container does not check if a container with the requested name already exists.

Recommendation: Check for name conflicts before creating containers.

7. Compose File Stored in CWD

Compose files are written to a docker_compose_files/ directory in the current working directory.

Recommendation: Write to a temp directory instead.

8. No Docker Availability Check at Startup

The server doesn't verify Docker is running at startup.

Recommendation: Add a startup health check.

9. Image Tag Ambiguity

When the image field doesn't specify a tag, it defaults to 'latest'.

Recommendation: Default to :latest explicitly or require tags.

Overall Score: 70/100

Promising foundation with good Docker Compose support. Needs hardening against command injection, sensitive data leakage, and better container lifecycle management before production use.


If you'd like a professional MCP server built, security audit, or full automation workflow, check out https://www.gadgethumans.com/services/

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions