xcode-mcp-server

Security Findings (14)

• HighExcessive Permission Surface ×2

  • run_tests:tool declares exec permission
  • run_xcrun:tool declares exec permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• MediumExcessive Permission Surface ×10

  • set_projects_base_dir:tool declares fs permission
  • set_project_path:tool declares fs permission
  • read_file:tool declares fs permission
  • write_file:tool declares fs permission
  • list_project_files:tool declares fs permission
  • analyze_file:tool declares fs permission
  • compile_asset_catalog:tool declares fs permission
  • trace_app:tool declares fs permission
  • swift_package_update:tool declares fs permission
  • list_directory:tool declares fs permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• LowDoS Resilience — Missing Rate Limit / Timeout ×2

  • run_tests:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • run_xcrun:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

  Rule: AS-011Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.