DesktopCommanderMCP
set_config seems pretty dangerous
I mean, wouldn't it be better to just use the configuration params while starting the server, instead of making sure the model is not just calling whatever it wants? This seems like a pretty serious security concern, and I think it would be useful to just not let the model change the configuration instead of having this warning.
It's a balance/compromise for non-technical users. Most people will not edit the startup config, so we wanted the chatbot to be able to help them configure it.
Since we wrote that warning, things have also changed in Claude: now you can disable tools one by one.
So you have the option to remove that + edit the config JSON by hand if you want.
I do think it can be done better, but we are trying to find the best compromise given we do not have control over the Claude client UI/UX.