openapi-generate
Verified Safeby BUZDOLAPCI
Overview
Parse OpenAPI 3.x specifications to generate MCP tool schemas and full MCP server scaffolds in TypeScript or Python.
Installation
npm startEnvironment Variables
- MCP_TRANSPORT
- MCP_PORT
- MCP_HOST
- MCP_SERVER_NAME
- MCP_SERVER_VERSION
Security Notes
The server uses `@apidevtools/swagger-parser` to dereference OpenAPI specs, which can involve fetching remote URLs (via `spec_url_or_json` input). This introduces a potential Server-Side Request Forgery (SSRF) risk if untrusted or malicious URLs are provided, and the server's environment is not adequately isolated. However, this is a core and expected functionality of an OpenAPI parser. The implementation of tool execution via JSON-RPC uses a `switch` statement to explicitly call known functions (`openapiParse`, `generateToolSchemas`, `generateServerScaffold`), preventing dynamic code execution vulnerabilities like `eval`. No hardcoded sensitive secrets were found in this server's codebase, although generated server scaffolds include placeholder API keys in their `.env.example` files, which is appropriate.
Similar Servers
openapi2mcp
Generates MCP (Model Context Protocol) server tools in TypeScript from OpenAPI 3.x specifications.
opencode-mcp
An MCP (Model Context Protocol) server that provides seamless integration with OpenCode, the open-source AI coding agent for the terminal.
swagger2mcp
Transforms OpenAPI/Swagger specifications into Model Context Protocol (MCP) servers, enabling secure and accurate LLM interaction with APIs.
appdog
AppDog generates asynchronous API clients and Model Context Protocol (MCP) servers directly from OpenAPI specifications.