Model Context Protocol moderate risk

Filesystem

This MCP server provides access to the local filesystem, enabling read, write, and management operations within specified allowed directories.

Connections & Capabilities

Connects To

GitHubDockerFilesystem

Capabilities

readwriteadmin

Quickstart

Config

{
  "mcpServers": {
    "filesystem": {
      "command": "mcp-filesystem-server",
      "args": ["/path/to/allowed/directory", "/another/allowed/directory"]
    }
  }
}

Exposed MCP Tools (14)

safe

read_file

Reads the complete contents of a specified file.

Read-only operation, no side effects.

safe

read_multiple_files

Reads the contents of multiple files in a single operation.

Read-only operation, no side effects.

critical

write_file

Creates a new file or overwrites an existing file with specified content.

Can overwrite or create files, potentially leading to data loss or corruption.

high

copy_file

Copies files and directories from a source to a destination.

Can create copies of sensitive files in unintended locations.

high

move_file

Moves or renames files and directories.

Can move files to unintended locations, potentially disrupting workflows or hiding data.

critical

delete_file

Deletes a file or directory from the file system.

Can permanently delete files and directories, leading to data loss.

high

modify_file

Updates a file by finding and replacing text using string matching or regex.

Can modify file contents, potentially introducing errors or malicious code.

safe

list_directory

Gets a detailed listing of all files and directories in a specified path.

Read-only operation, no side effects.

moderate

create_directory

Creates a new directory or ensures a directory exists.

Can create new directories, potentially altering the file system structure.

safe

tree

Returns a hierarchical JSON representation of a directory structure.

Read-only operation, no side effects.

safe

search_files

Recursively searches for files and directories matching a pattern.

Read-only operation, no side effects.

safe

search_within_files

Searches for text within file contents across directory trees.

Read-only operation, no side effects.

safe

get_file_info

Retrieves detailed metadata about a file or directory.

Read-only operation, no side effects.

safe

list_allowed_directories

Returns the list of directories that this server is allowed to access.

Read-only operation, no side effects.

Safety Assessment

This server is relatively safe when configured with carefully chosen allowed directories and used for read-only operations. However, the write and delete capabilities pose a significant risk if the allowed directories are too broad or if the server is used by untrusted actors.

Access is restricted to pre-defined allowed directories.
Path validation helps prevent directory traversal attacks.
Symlink resolution includes security checks.
No external network access required.

Includes tools for writing, modifying, and deleting files.
Incorrect configuration of allowed directories could expose sensitive data.
Potential for denial-of-service through excessive file operations.
No built-in authentication or authorization beyond allowed directories.