Model Context Protocol moderate risk

Openapi

An MCP server that loads and serves OpenAPI specifications, enabling LLM-powered IDE integrations for API exploration and code generation within development environments.

Connections & Capabilities

Connects To

GitHubTeamsTwitter

Capabilities

read

Quickstart

Config

{
  "mcpServers": {
    "@reapi/mcp-openapi": {
      "command": "npx",
      "args": ["-y", "@reapi/mcp-openapi@latest", "--dir", "./specs"],
      "env": {}
    }
  }
}

Exposed MCP Tools (7)

safe

refresh-api-catalog

Refreshes the API catalog by rescanning the specified directory for OpenAPI specifications.

Read-only operation; rescans the directory for API specifications.

safe

get-api-catalog

Retrieves the complete API catalog containing metadata about all OpenAPI specifications, operations, and schemas.

Read-only operation; retrieves metadata about API specifications.

safe

search-api-operations

Searches for API operations across specifications based on a query string.

Read-only operation; searches for operations based on a query.

safe

search-api-schemas

Searches for API schemas across specifications based on a query string.

Read-only operation; searches for schemas based on a query.

safe

load-api-operation-by-operationId

Loads an API operation by its unique operation ID.

Read-only operation; retrieves operation details by ID.

safe

load-api-operation-by-path-and-method

Loads an API operation by its path and HTTP method.

Read-only operation; retrieves operation details by path and method.

safe

load-api-schema-by-schemaName

Loads an API schema by its name.

Read-only operation; retrieves schema details by name.

Safety Assessment

This MCP server is generally safe for exploring APIs and generating code snippets. The primary risk lies in the execution of `npx` commands and the quality/security of the OpenAPI specifications provided. Ensure specifications are from trusted sources and carefully review generated code before execution. Avoid including sensitive information in the OpenAPI specifications.

Primarily read-only operations on API specifications.
No direct access to external resources or sensitive data.
Operates within the context of the IDE, limiting scope.
Configuration through JSON files allows for controlled setup.

Can execute `npx` commands, which introduces potential for arbitrary code execution if misconfigured.
Incorrectly configured OpenAPI specs could lead to LLM generating incorrect or harmful code.
Reliance on user-provided OpenAPI specifications means potential exposure to malicious or poorly designed APIs.
If specs include authentication details, those could be exposed to the LLM.