graphql-mcp-server
Verified Safeby ThoreKoritzius
Overview
A Python MCP server for LLMs that indexes a GraphQL schema, stores embeddings for type-field signatures, and enables fast semantic lookup and query execution against a GraphQL endpoint.
Installation
python3 src/server.pyEnvironment Variables
- GRAPHQL_EMBED_API_KEY
- GRAPHQL_ENDPOINT_URL
Security Notes
The server makes network requests to user-configured embedding endpoints (via `GRAPHQL_EMBEDDINGS_URL`) and GraphQL API endpoints (via `GRAPHQL_ENDPOINT_URL`). While essential for its function, configuring with untrusted URLs could expose internal networks to Server-Side Request Forgery (SSRF) vulnerabilities if the server is publicly exposed. No 'eval' or obvious malicious code patterns were found. API keys and sensitive configuration are loaded from environment variables, promoting secure practice. `json.loads` is used for parsing environment variables like `GRAPHQL_EMBED_HEADERS` and `GRAPHQL_ENDPOINT_HEADERS`, which are configuration and not arbitrary runtime user input.
Similar Servers
mcp-server-elasticsearch
Connects Model Context Protocol (MCP) clients to Elasticsearch instances, enabling natural language queries and interactions with Elasticsearch indices and data.
mcp-omnisearch
Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
opensearch-mcp-server-py
Enables AI assistants and LLMs to interact with OpenSearch clusters by providing a standardized Model Context Protocol (MCP) interface through built-in and dynamic tools.