Model Context Protocol moderate risk

Fetch

Fetches web content (HTML, JSON, text, Markdown) from URLs, with optional headers and size limits, offering versatile data extraction capabilities.

Connections & Capabilities

Connects To

GitHubTwitter

Capabilities

read

Quickstart

Config

{
  "mcpServers": {
    "fetch": {
      "command": "npx",
      "args": [
        "mcp-fetch-server"
      ], 
      "env": {
        "DEFAULT_LIMIT": "50000" // optionally change default limit
      }
    }
  }
}

Exposed MCP Tools (4)

moderate

fetch_html

Fetches a website's content and returns it as raw HTML.

Fetching arbitrary URLs can expose the system to malicious HTML.

moderate

fetch_json

Fetches a JSON file from a given URL.

Fetching arbitrary URLs can expose the system to malicious JSON payloads.

moderate

fetch_txt

Fetches a website and returns its content as plain text, stripping HTML tags.

Fetching arbitrary URLs can expose the system to potentially harmful content, even after stripping HTML.

moderate

fetch_markdown

Fetches a website and converts its content to Markdown format.

Fetching arbitrary URLs can expose the system to malicious HTML that, when converted to Markdown, may still pose a risk.

Safety Assessment

The Fetch server is generally safe for read-only operations. However, the risk of SSRF and fetching malicious content exists if URLs are not carefully validated. Implementing URL validation and rate limiting would improve safety.

Read-only operations; fetches data but does not modify remote resources.
Configurable maximum fetch length limits potential resource exhaustion.
No persistent data storage, reducing data breach risks.
Uses well-established libraries like JSDOM and TurndownService.

Unvalidated URLs could lead to SSRF vulnerabilities.
Fetching arbitrary URLs exposes the server to the risk of fetching malicious content.
Custom headers allow potential credential exposure if misused.
No built-in rate limiting could lead to abuse or denial-of-service.