Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"mcp-server-revit-cs-test": {
"args": [
"mcp"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
This repository scaffolds an integration that keeps all Autodesk Revit API code inside a normal Revit add-in and exposes tools through a local MCP server.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
MCP Python SDK: WebSocket server transport does not support Host/Origin validation
### Summary In affected versions, the deprecated WebSocket server transport (`mcp.server.websocket.websocket_server`) accepted the WebSocket handshake without applying any `Host` or `Origin` header validation. The `TransportSecuritySettings` mechanism that the SSE and Streamable HTTP transports use for this purpose was not wired into the WebSocket transport, so there was no SDK-level way to restrict which origins could connect. ### Am I affected? Only if a developer's application server exposes
MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal
### Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a session ID could send JSON-RPC messages on that session, regardless of which bearer token the request carried. ### Am I affected? Only if a developer's application server uses an HTTP transport (SSE,
MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
### Summary In affected versions, the default request handlers installed by the experimental tasks feature (`server.experimental.enable_tasks()`) did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and cancel tasks belonging to other clients. ### Am I affected? Only if the developer's application server calls `server.experimental.enable_tasks()`. If `grep -r enable_tasks` over their codebas
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in design
A mcp server to allow LLMS gain context about shadcn ui component structure,usage and installation,compaitable with react,svelte 5,vue & React Native
AI image generation and editing with prompt optimization and quality presets. Powered by Nano Banana
GoPeak — The most comprehensive MCP server for Godot Engine. 95+ tools, LSP, DAP, screenshots.
MeiGen-AI-Design-MCP — Turn Claude Code / OpenClaw into your local Lovart. Local ComfyUI, 1,400+ prompt library, multi-direction parallel generation.
MCP Security Weekly
Get CVE alerts and security updates for Mcp Server Revit Cs Test and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.