spreadsheet-mcp
Verified Safeby PSU3D0
Overview
Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.
Installation
docker run -v /path/to/workbooks:/data -p 8079:8079 ghcr.io/psu3d0/spreadsheet-mcp:fullEnvironment Variables
- SPREADSHEET_MCP_WORKSPACE
- SPREADSHEET_MCP_CACHE_CAPACITY
- SPREADSHEET_MCP_EXTENSIONS
- SPREADSHEET_MCP_WORKBOOK
- SPREADSHEET_MCP_ENABLED_TOOLS
- SPREADSHEET_MCP_TRANSPORT
- SPREADSHEET_MCP_HTTP_BIND
- SPREADSHEET_MCP_RECALC_ENABLED
- SPREADSHEET_MCP_VBA_ENABLED
- SPREADSHEET_MCP_MAX_CONCURRENT_RECALCS
- SPREADSHEET_MCP_TOOL_TIMEOUT_MS
- SPREADSHEET_MCP_MAX_RESPONSE_BYTES
- SPREADSHEET_MCP_ALLOW_OVERWRITE
- SPREADSHEET_MCP_MAX_PNG_DIM_PX
- SPREADSHEET_MCP_MAX_PNG_AREA_PX
Security Notes
The server performs extensive file system operations (reading/writing/creating temporary files) and executes external binaries (LibreOffice, pdftoppm) for core functionality (recalculation, screenshots). While the provided source code shows effort in sanitizing paths and arguments to external commands, the inherent nature of these operations means that a misconfigured `workspace_root` (allowing untrusted code execution or file writes to sensitive directories) or a vulnerability in LibreOffice/pdftoppm could pose a risk. The `save_fork` tool, if `--allow-overwrite` is enabled, can modify original source files, which requires careful consideration. VBA code is only read, not executed, which is a good security practice.
Similar Servers
excel-mcp-server
This server allows AI agents to manipulate Excel files (create, read, update, format, chart, pivot, validate) without requiring Microsoft Excel to be installed.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
spreadsheet-read-mcp
An LLM-friendly API server for analyzing and editing spreadsheet files, enabling 'discover → profile → extract' workflows, 'what-if' scenarios, and VBA inspection without dumping entire files into LLM context.
mcp-gsheets
A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.