I ran your MCP server through our automated audit tool β here are the results.
π¬ MCP Audit Report β docker-mcp
β
Strengths
- Clean, readable code structure with good separation of concerns
- Cross-platform support (Windows/Linux/macOS)
- Proper timeout handling and async operations
- Good error handling with debug info
- Clean YAML processing with safe_load
β οΈ Issues Found
1. Potential Command Injection via Project Name (Security - High)
File: src/docker_mcp/docker_executor.py (line 80)
The project_name is interpolated directly into a shell command string without sanitization on Windows. The Unix path uses subprocess_exec which avoids shell injection, but the Windows path is vulnerable.
Recommendation: Sanitize project_name to alphanumeric + hyphens, or use subprocess_exec on Windows too.
2. Module-Level Singleton Docker Client
File: src/docker_mcp/handlers.py (line 9)
A global Docker client is created at module import time. This makes testing difficult.
Recommendation: Create the DockerClient lazily or pass it to DockerHandlers.
3. Sensitive Data Leaked in Error Messages (Security - Medium)
File: src/docker_mcp/server.py (line 167)
Error responses include the full arguments dict, which can contain environment variables (DB_PASSWORD, API_KEY).
Recommendation: Redact environment fields from error responses.
4. Debug Information Exposed in All Responses
Every response includes debug info (internal paths, file locations, commands run).
Recommendation: Add a DEBUG env var flag to control debug output.
5. Unused Imports
File: src/docker_mcp/handlers.py (line 7)
Tool, Prompt, PromptArgument, GetPromptResult, and PromptMessage are imported but never used.
Recommendation: Remove the unused imports.
6. No Container Name Conflict Check
handle_create_container does not check if a container with the requested name already exists.
Recommendation: Check for name conflicts before creating containers.
7. Compose File Stored in CWD
Compose files are written to a docker_compose_files/ directory in the current working directory.
Recommendation: Write to a temp directory instead.
8. No Docker Availability Check at Startup
The server doesn't verify Docker is running at startup.
Recommendation: Add a startup health check.
9. Image Tag Ambiguity
When the image field doesn't specify a tag, it defaults to 'latest'.
Recommendation: Default to :latest explicitly or require tags.
Overall Score: 70/100
Promising foundation with good Docker Compose support. Needs hardening against command injection, sensitive data leakage, and better container lifecycle management before production use.
If you'd like a professional MCP server built, security audit, or full automation workflow, check out https://www.gadgethumans.com/services/
I ran your MCP server through our automated audit tool β here are the results.
π¬ MCP Audit Report β docker-mcp
β Strengths
1. Potential Command Injection via Project Name (Security - High)
File: src/docker_mcp/docker_executor.py (line 80)
The project_name is interpolated directly into a shell command string without sanitization on Windows. The Unix path uses subprocess_exec which avoids shell injection, but the Windows path is vulnerable.
Recommendation: Sanitize project_name to alphanumeric + hyphens, or use subprocess_exec on Windows too.
2. Module-Level Singleton Docker Client
File: src/docker_mcp/handlers.py (line 9)
A global Docker client is created at module import time. This makes testing difficult.
Recommendation: Create the DockerClient lazily or pass it to DockerHandlers.
3. Sensitive Data Leaked in Error Messages (Security - Medium)
File: src/docker_mcp/server.py (line 167)
Error responses include the full arguments dict, which can contain environment variables (DB_PASSWORD, API_KEY).
Recommendation: Redact environment fields from error responses.
4. Debug Information Exposed in All Responses
Every response includes debug info (internal paths, file locations, commands run).
Recommendation: Add a DEBUG env var flag to control debug output.
5. Unused Imports
File: src/docker_mcp/handlers.py (line 7)
Tool, Prompt, PromptArgument, GetPromptResult, and PromptMessage are imported but never used.
Recommendation: Remove the unused imports.
6. No Container Name Conflict Check
handle_create_container does not check if a container with the requested name already exists.
Recommendation: Check for name conflicts before creating containers.
7. Compose File Stored in CWD
Compose files are written to a docker_compose_files/ directory in the current working directory.
Recommendation: Write to a temp directory instead.
8. No Docker Availability Check at Startup
The server doesn't verify Docker is running at startup.
Recommendation: Add a startup health check.
9. Image Tag Ambiguity
When the image field doesn't specify a tag, it defaults to 'latest'.
Recommendation: Default to :latest explicitly or require tags.
Overall Score: 70/100
Promising foundation with good Docker Compose support. Needs hardening against command injection, sensitive data leakage, and better container lifecycle management before production use.
If you'd like a professional MCP server built, security audit, or full automation workflow, check out https://www.gadgethumans.com/services/