Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "io-github-mervinpraison-praisonai": {
      "args": [
        "-y",
        "@modelcontextprotocol/server-memory"
      ],
      "command": "npx"
    }
  }
}
PraisonAI 🦞 — Hire a 24/7 AI Workforce. Stop writing boilerplate and start shipping autonomous agents that research, plan, and execute tasks across your apps. From one agent to an entire organization, deployed in 5 lines of code.
Run this in your terminal to verify the server starts.
npx -y '@modelcontextprotocol/server-memory' 2>&1 | head -1 && echo "✓ Server started successfully"
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
## Summary
`praisonai.sandbox.SandlockSandbox` is documented and implemented as the kernel-enforced sandbox backend for untrusted code. Its `SandboxConfig.native()` path lets callers configure allowed filesystem paths and `network=False`. On systems where the optional `sandlock` module imports but reports that Landlock is unavailable, `SandlockSandbox.execute()` and `run_command()` do not fail closed. They silently fall back to `SubprocessSandbox(self.config)`. That fallback keeps the same hi
PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authentication
### Summary
Setting `PRAISONAI_CALL_AUTH=disabled` completely disables all authentication on the `/api/v1/agents/{id}/invoke` endpoint. This bypass is advertised in the application's own error messages, making it likely to appear in production Docker and Compose configurations.
### Details
```python
# src/praisonai/praisonai/api/agent_invoke.py:32
_CALL_AUTH_DISABLED = os.getenv('PRAISONAI_CALL_AUTH', '').lower() == 'disabled'

async def verify_token(...) -> None:
    if _CALL_AUTH_DISABLED:
```
PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path Validation
## Summary
The `multiedit` tool in `src/praisonai/praisonai/tools/multiedit.py` allows LLM-controlled arbitrary file read and write without any path validation, workspace boundary check, or protected path guard. This enables an attacker who can influence agent tool arguments (via crafted prompts, user input in chat bots, or malicious YAML workflow configs) to read sensitive files (e.g., `/etc/shadow`, `~/.ssh/id_rsa`, `~/.aws/credentials`) and overwrite arbitrary files on the filesystem.
## De
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
## Summary
The published A2U advisory `GHSA-f292-66h9-fpmf` says unauthenticated A2U event streaming was fixed in `praisonai` `4.5.115`. Current head still exposes the same A2U subscription and event routes without authentication when the operator starts the documented CLI entrypoint:
```text
praisonai serve a2u --host 0.0.0.0 --port 8002
```
The current CLI wrapper does not expose `--api-key`, does not install the common API-key middleware, and does not generate a token for A2U. It calls `cr
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
## Summary
PraisonAI recipe execution has a dangerous-tool policy that is supposed to block default-denied tools unless the caller explicitly passes `allow_dangerous_tools=True`. That policy only checks tools declared in `TEMPLATE.yaml` `requires.tools`. For steps-based recipes, the actual execution path loads `workflow.yaml` with `YAMLWorkflowParser`. That parser resolves agent-level `tools:` declarations and preserves top-level `approve:`. `Workflow.start()` then installs those YAML-approved
Others in ai-ml
Dynamic problem-solving through sequential thought chains
Persistent memory using a knowledge graph
Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.
Self-hosted URL- and file-to-Markdown service for humans and AI agents - web pages, documents, images, audio, YouTube. PWA + REST + MCP + Claude Code skill, Reddit-aware, refreshable share links.