| Description | The args parameter of the run_lldb tool provided by MCP is passed to the child_process.exec function, which parses it as a shell command line. This leads to arbitrary code execution.
Note: In addition to this tool, we found several other tools with similar issues. Due to time constraints, we did not verify them all. The list is as follows:
"build_list","build_project","clean_build","test_project","show_build_settings","analyze_project","archive_project","run_xcodebuild","show_build_settings","pod_install","pod_install","pod_update","pod_init","pod_add","list_pods","pod_outdated","pod_cache","pod_search","validate_podfile","read_file","read_multiple_files","write_to_file","create_directory","create_directory","list_directory","count_lines","grep_in_files","get_project_info","get_build_configurations","find_project_files","open_project_in_xcode","list_booted_simulators","list_simulators","boot_simulator","boot_simulator","shutdown_simulator","install_app","launch_app","terminate_app","open_url","take_screenshot","reset_simulator","list_installed_apps","init_swift_package","add_swift_package","remove_swift_package","edit_package_swift","build_spm_package","test_spm_package","get_package_info","update_swift_package","swift_package_command","build_swift_package","test_swift_package","show_swift_dependencies","clean_swift_package","dump_swift_package","generate_swift_docs","run_xcrun","compile_asset_catalog","run_lldb","trace_app","switch_xcode","export_archive","validate_app","generate_icon_set" |
|---|
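The difference between handing the args string to a shell and passing an argument array, as an added example that is not the project's code. The Node binary stands in for lldb; runViaShell, runViaArgv, PROBE and SAMPLE are hypothetical names; execSync is used as the synchronous counterpart of child_process.exec, and a POSIX /bin/sh is assumed.

```javascript
// Added example, not the project's code. Assumes a POSIX shell (/bin/sh).
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the lldb binary: Node itself, printing the argv it received.
const PROBE = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Constructed sample input: a harmless second command after a semicolon.
const SAMPLE = 'help; echo SECOND_COMMAND';

const lines = (out) => out.trim().split('\n');

// Pattern described in the advisory: the args string is concatenated into a
// command line and handed to a shell (execSync shares exec's shell behaviour).
function runViaShell(args) {
  const cmd = `"${process.execPath}" -e '${PROBE}' -- ${args}`;
  return lines(execSync(cmd, { encoding: 'utf8' }));
}

// Hardened form: no shell is started; each array element reaches the child
// process as exactly one argv entry, metacharacters included.
function runViaArgv(args) {
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new TypeError('args must be an array of strings');
  }
  const argv = ['-e', PROBE, '--', ...args];
  return lines(execFileSync(process.execPath, argv, { encoding: 'utf8', shell: false }));
}

// The shell splits SAMPLE into two commands; execFileSync keeps it as one value.
console.log('shell:', runViaShell(SAMPLE));
console.log('argv :', runViaArgv([SAMPLE]));
```

An argument array removes shell parsing only; which options the wrapped tool is allowed to receive still needs its own allowlist.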