Model Context Protocol moderate risk

Claude Code

MCP server enabling Claude to interact with and modify project files using tools like read, write, edit, and run_command with permission handling.

Connections & Capabilities

Connects To

Filesystem

Capabilities

readwriteexec

Exposed MCP Tools (16)

safe

read

Reads the content of a file, with options for line numbers, offset, and limit.

Read-only operation, no side effects.

high

write

Creates a new file or overwrites an existing file with provided content.

Can overwrite existing files, potentially leading to data loss.

high

edit

Makes line-based edits to a text file.

Modifies existing files, potentially introducing errors or unintended changes.

high

multi_edit

Makes multiple precise text replacements in a single file operation with atomic transactions.

Complex edits can introduce errors; atomic transactions mitigate but don't eliminate risk.

safe

directory_tree

Retrieves a recursive tree view of directories.

Read-only operation, no side effects.

safe

grep

Searches for patterns within files using ripgrep for performance.

Read-only operation, no side effects.

high

content_replace

Replaces patterns within the content of a file.

Modifies file content, potentially leading to data loss or corruption.

safe

grep_ast

Searches code with AST context, showing matches within functions, classes, etc.

Read-only operation, no side effects.

critical

run_command

Executes shell commands on the server.

Allows arbitrary code execution, posing a significant security risk.

safe

notebook_read

Extracts and reads source code from all cells in a Jupyter notebook, including outputs.

Read-only operation, no side effects.

high

notebook_edit

Edits, inserts, or deletes cells in a Jupyter notebook.

Modifies notebook structure and content, potentially breaking functionality.

safe

think

Provides a structured space for complex reasoning and analysis without making changes.

No file system modifications or external calls.

safe

dispatch_agent

Launches one or more agents that can perform tasks using read-only tools concurrently.

Agents are restricted to read-only tools.

high

batch

Executes multiple tool invocations in parallel or serially in a single request.

Aggregates the risks of the individual tools being batched.

moderate

todo_write

Creates and manages a structured task list.

Creates or modifies a task list file.

safe

todo_read

Reads a structured task list.

Read-only operation, no side effects.

Safety Assessment

This server provides powerful file manipulation capabilities, but its safety depends heavily on proper configuration and user awareness. It is safe when used with strict directory restrictions and careful permission management. It is risky when given broad access or when executing untrusted commands.

Permission prompts for file modifications and command execution
Restricted access to specified directories
Input validation and sanitization
Proper error handling and reporting

Potential for arbitrary code execution via `run_command`
File system write access
Reliance on user configuration for security
Complexity of managing permissions correctly