molecule-core/.mcp.json.example at c4bb325267b6dc44b8557bb792fe5906ed4ca455 - molecule-core - Gitea: Git with a cup of tea

molecule-ai/molecule-core

Hongming Wang a61dadde43 fix(security): GLOBAL memory delimiter spoofing + pin MCP npm version

SAFE-T1201 (#807): Escape [MEMORY prefix in GLOBAL memory content on
write to prevent delimiter-spoofing prompt injection. Content stored
as "[_MEMORY " so it renders as text, not structure, when wrapped with
the real delimiter on read.

SAFE-T1102 (#805): Pin @molecule-ai/mcp-server@1.0.0 in .mcp.json.example.
Prevents supply-chain attacks via unpinned npx -y.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-18 11:09:24 -07:00

13 lines

223 B

Plaintext

Raw Blame History

 {
   "mcpServers": {
     "molecule": {
       "type": "stdio",
       "command": "npx",
       "args": ["-y", "@molecule-ai/mcp-server@1.0.0"],
       "env": {
         "MOLECULE_URL": "http://localhost:8080"
       }
     }
   }
 }