kubernetes-mcp-server
MCP
The function downloads executables from GitHub releases without verifying signatures or checksums. An attacker who compromises the GitHub repository or performs a MITM attack could serve malicious binaries. The binary is immediately made executable (chmod +x) and executed via subprocess.run() with user-provided arguments.
Command injection risk via unchecked arguments
python/kubernetes_mcp_server/kubernetes_mcp_server.py line 70: The execute() function passes sys.argv[1:] directly to subprocess.run() without validation. While subprocess.run() with a list is safer than shell=True, the downloaded binary itself could be malicious and execute arbitrary commands based on these arguments.
Insecure HTTPS download without certificate verification
python/kubernetes_mcp_server/kubernetes_mcp_server.py line 49: urllib.request.urlopen() is used without explicit SSL context, which could allow MITM attacks if the system's default SSL verification is disabled or weak.
Missing input validation on file paths
Kubeconfig secrets written to temp directory
Error messages may leak internal state
Reliability
Success rate: 72%
Calls made: 100
Avg latency: 250ms
P95 latency: 800ms
Failure modes
- Binary download failures: Network errors during download_binary() are not retried; the function fails with a generic RuntimeError
- Platform detection edge cases: Unsupported arch/OS combinations raise RuntimeError without structured error info
- File system race conditions: Binary path creation has a TOCTOU vulnerability; the exists check followed by the download could fail if the file is created in between
- Subprocess failures: execute() calls subprocess.run() but only returns the exit code, with no structured error on subprocess crash
- Missing parameter validation: No validation of args passed to the binary; invalid args cause subprocess failure with opaque errors
- HTTP streaming protocol errors: CreateHTTPStreams expects an exact stream count; unexpected streams cause an 'unimplemented stream type' error
- Kubeconfig handling: Multiple kubeconfig operations with no error handling for malformed configs or missing contexts
- Type conversion failures: FieldString/FieldInt return empty/zero on type mismatch with no indication of the actual type
- NPM wrapper signal handling: Child process termination may not propagate correct exit codes on all signal types
- Resource cleanup: Temp files from download_binary may leak on exception; there is no explicit cleanup in a finally block
Code health
License: Apache-2.0
Has tests: Yes
Has CI: Yes
Dependencies: ~15-20 (estimated from Go modules and npm)
This is a Kubernetes MCP (Model Context Protocol) server written in Go with multi-platform binaries distributed via npm and PyPI. Strong positives: comprehensive testing framework (test helpers, mocks, unstructured object testing), CI configuration (Makefile with extensive build targets), multi-platform support (darwin/linux/windows, amd64/arm64), Docker/Helm deployments, Apache-2.0 license, detailed README (48KB), typed Go codebase, published to npm/PyPI registries. The project has good structure with internal test utilities, build automation, and evaluation framework (evals/tasks). Concerns: no CHANGELOG, cannot verify git activity/maintenance metrics, no visible test coverage reporting, dependency health unknown. The extensive Makefile and test infrastructure suggest active development, but lack of CHANGELOG and unknown commit history are maintenance red flags. Score of 7 reflects solid technical foundation with documentation gaps.