github · linkedin-mcp-servere336062e419c

Evidence

-v ~/.linkedin-mcp:/home/pwuser/.linkedin-mcp \

  -p 8080:8080 \

  stickerdaniel/linkedin-mcp-server:latest \

  --transport streamable-http --host 0.0.0.0 --port 8080 --path /mcp

```

Runtime server logs are emitted by FastMCP/Uvicorn.

Remediation

Bind to 127.0.0.1 for local-only access. If cross-host access is truly required, put the service behind an authenticated reverse proxy rather than exposing it on 0.0.0.0.

Evidence

Args:

            ctx: FastMCP context for progress reporting

            num_posts: Number of posts to fetch (1-50, default 10).

                       Posts are loaded in batches of ~5 as the page scrolls,

                       so the actual count may slightly exceed the target.

Remediation

Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.

Evidence

# HTTP transport configuration

    host: str = "127.0.0.1"

    port: int = 8000

    path: str = "/mcp"

    tool_timeout_seconds: float = DEFAULT_TOOL_TIMEOUT_SECONDS

    def validate(self) -> None:

Remediation

Shape the schema to the tool's actual intent: - Zod: chain `.enum([...])`, `.regex(/.../)`, or `.max(n)`; prefer `z.enum([...])` or `z.literal(...)` when the value set is small. - Pydantic: use `Literal["a", "b"]` or `Field(max_length=..., pattern=r"...")`. - JSON Schema: add `"enum"`, `"pattern"`, or `"maxLength"` to the property. An overbroad schema is an "overpowered tool" — the model has nothing to prevent it from calling the tool with input far beyond what the tool's prose contract

Evidence

suggested_wait_time=30,

                )

    except RateLimitError:

        raise

    except PlaywrightTimeoutError:

        pass

async def scroll_to_bottom(

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

await close_button.click()

            await asyncio.sleep(0.5)

            logger.debug("Closed modal")

            return True

    except PlaywrightTimeoutError:

        pass

    except Exception as e:

        logger.debug("Error closing modal: %s", e)

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

trace_jsonl = trace_dir / "trace.jsonl"

    try:

        fd = os.open(str(trace_jsonl), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)

        os.close(fd)

    except FileExistsError:

        pass

    with trace_jsonl.open("a", encoding="utf-8") as fh:

        fh.write(json.dumps(payload, ensure_ascii=True) + "\n")

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

def exit_gracefully(exit_code: int = 0) -> None:

    """Exit the application gracefully with browser cleanup."""

    try:

        asyncio.run(close_browser())

    except Exception:

        pass  # Best effort cleanup

    sys.exit(exit_code)

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

try:

                return version(package_name)

            except PackageNotFoundError:

                continue

    except Exception:

        pass

    try:

        import os

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

for handler in root_logger.handlers[:]:

        root_logger.removeHandler(handler)

        try:

            handler.close()

        except Exception:

            pass

    global _TRACE_CLEANUP_REGISTERED, _TRACE_FILE_HANDLER

    _TRACE_FILE_HANDLER = None

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

try:

            await self._page.wait_for_selector(

                _DIALOG_SELECTOR, state="hidden", timeout=3000

            )

        except PlaywrightTimeoutError:

            pass

    async def _open_more_menu(self) -> bool:

        """Open the profile's More (three-dot) menu in a locale-independent way.

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

)

        finally:

            try:

                self._page.remove_listener("response", _handle_response)

            except Exception:

                pass

            await _drain_listener_tasks(pending_reads)

    async def _extract_feed_body(

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.

Evidence

log_path = trace_dir / "server.log"

        try:

            fd = os.open(str(log_path), os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)

            os.close(fd)

        except FileExistsError:

            pass

        file_handler = logging.FileHandler(log_path, encoding="utf-8")

        file_handler.setFormatter(formatter)

        root_logger.addHandler(file_handler)

Remediation

Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.