java-project-starter-mcp
JVM Diagnostics MCP is a server designed to enhance JVM diagnostic tools, enabling easy monitoring and management of JVM processes. It provides an interface for various diagnostic tasks but is intended for local use due to security considerations.
Is it safe to use?
As the MCP server is driven by an LLM, we recommend being cautious and validating the commands it generates. If you're using a reliable LLM like Claude 3.7 or GPT-4o, which has excellent training data on JVM tools, our experience has been very good.
Is it secured, and should I run this on a remote server?
Short answer: NO.
This MCP server runs JVM diagnostic commands for you and could be exploited by an attacker to run other commands. The current implementation, as with most MCP servers at the moment, only works with the stdio transport: it's supposed to run locally on your machine, using your JVM tools, as you would do by yourself.
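One way to validate LLM-generated commands before they run, shown as an added example that is not code from this project. The class name, the allowlist contents and the sample proposals are assumptions; the tools and subcommands listed are standard JDK ones.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Added example: allowlist gate for LLM-proposed JVM diagnostic commands (hypothetical name). */
public class DiagnosticCommandGate {
    // Assumed policy: only read-only options and subcommands of standard JDK tools.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
        "jps", Set.of("-l", "-v", "-m"),
        "jstack", Set.of("-l"),
        "jcmd", Set.of("VM.version", "VM.flags", "VM.uptime", "Thread.print", "GC.heap_info"));
    // Besides allowlisted options, the only other accepted argument is a numeric PID.
    private static final Pattern PID = Pattern.compile("[0-9]{1,10}");

    /** Returns the argv to execute, or throws if the proposal falls outside the policy. */
    static List<String> validate(List<String> argv) {
        if (argv.isEmpty()) throw new IllegalArgumentException("empty command");
        String tool = argv.get(0);
        Set<String> options = ALLOWED.get(tool);
        if (options == null) throw new IllegalArgumentException("tool not allowed: " + tool);
        for (String arg : argv.subList(1, argv.size())) {
            if (!options.contains(arg) && !PID.matcher(arg).matches())
                throw new IllegalArgumentException("argument not allowed: " + arg);
        }
        return List.copyOf(argv);
    }

    public static void main(String[] args) {
        // Constructed proposals, standing in for what an LLM might emit.
        List<List<String>> proposals = List.of(
            List.of("jcmd", "1234", "Thread.print"),                  // within policy
            List.of("jcmd", "1234", "GC.heap_dump", "/tmp/x.hprof"),  // writes a file: denied
            List.of("sh", "-c", "jps; id"));                          // not a JVM tool: denied
        for (List<String> proposal : proposals) {
            try {
                List<String> argv = validate(proposal);
                System.out.println("ALLOW " + argv);
                // To run it, pass argv to new ProcessBuilder(argv): no shell parses the
                // arguments, so metacharacters in them are never interpreted.
            } catch (IllegalArgumentException e) {
                System.out.println("DENY  " + proposal + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The tool name is still resolved through PATH at execution time, so a stricter deployment would map each allowed tool to an absolute path under the JDK's bin directory.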
In the future, it's possible to have this MCP server support the http transport and token-based authentication, so that it could be used remotely by different people. This will be considered once the MCP specification and SDK are more stable.