mcp_server_fhir
by arapodcho
Overview
An MCP server designed to expose and control FHIR (Fast Healthcare Interoperability Resources) data through a tool-calling interface, likely for integration with AI agents or other platforms to query and manage patient health information.
Installation
python src/fastmcp_server.py
Environment Variables
- FHIR_URL
- CLIENT_ID
- CLIENT_SECRET
- TOKEN_HOST
- AUTHORIZE_PATH
- AUTHORIZATION_METHOD
- TOKEN_PATH
- AUDIENCE
- CALLBACK_URL
- SCOPES
- CALLBACK_PORT
Security Notes
`fastmcp_server.py` explicitly imports the `Auth` and `AuthConfig` utilities, indicating an intent for secure FHIR server access. However, the `ensure_auth` function, which is called by all tools, has the critical token acquisition and application step (`fhir_client.set_access_token(access_token)`) commented out. This means the server, as provided, will attempt to connect to FHIR endpoints without any authentication. This is a severe security vulnerability if the target FHIR server contains sensitive patient data and requires authorization. Hardcoded `FHIR_URL` values for testing purposes are also present in `test_change_observation_category.py` and `fastmcp_server.py`, which could lead to misconfigurations in production environments. No `eval` or direct code injection vulnerabilities were found, but the default lack of authentication is critical.
Similar Servers
klavis
Creates an AI agent using LangChain in TypeScript that interacts with Gmail and YouTube through a Klavis Strata MCP server, enabling tasks such as summarizing YouTube videos and emailing the summaries.
tmcp
Build Model Context Protocol (MCP) servers for AI agents, enabling them to access context and execute tools.
mcp-servers
Provides a curated collection of Model Context Protocol (MCP) server configurations to enable AI agents to interact with various developer tools and services.
fhir-mcp-server
Provides seamless integration with FHIR APIs, acting as a bridge between AI/LLM tools and healthcare data for search, retrieval, and analysis.