canvas-mcp-developer
Verified Safeby Shigakuresama
Overview
A Model Context Protocol (MCP) server for students to access read-only Canvas LMS data and integrate with NotebookLM for study material organization.
Installation
node dist/index.jsEnvironment Variables
- CANVAS_BASE_URL
- CANVAS_API_TOKEN
- CANVAS_COOKIE_PATH
Security Notes
The server uses environment variables for sensitive Canvas API tokens and cookie paths, which is good practice. It also implements rate limiting to respect Canvas API limits. `child_process.spawn` is used for Python bridge scripts, which is safer than `exec`. However, the 'read-only access' claim in the README is contradicted by the presence of `canvas_bookmark_create` and `canvas_bookmark_delete` tools, which perform write operations (though minor, affecting only the user's bookmarks). The `notebooklm_prepare_content` tool takes user-provided `input_path` and `output_dir` which, in an adversarial AI scenario, could theoretically lead to path traversal for reading/writing arbitrary files on the server if not strictly contained. However, for its intended use case with a trusted AI agent, these are considered low risk.
Similar Servers
mcp-omnisearch
Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).
better-notion-mcp
Provides a Markdown-first MCP server for Notion, optimizing Notion API interactions for AI agents by consolidating endpoints into composite actions and reducing LLM token overhead for tool descriptions.
comptext-mcp-server
Provides token-efficient access to Domain-Specific Language (DSL) documentation stored in Notion for LLM interactions.
brainloop-mcp-server-v2
Enables AI agents to interact with the Brainloop personalized learning platform by providing structured access to course management, content creation, and progress tracking, using an MCP (Model Context Protocol) interface.