mcp-server-box
by box-community
Overview
The Box MCP Server provides a Microservice Context Protocol (MCP) interface to interact with the Box API, enabling AI agents and other clients to perform various file, folder, collaboration, metadata, and AI-powered operations on Box content.
Installation
uv run src/mcp_server_box.pyEnvironment Variables
- BOX_CLIENT_ID
- BOX_CLIENT_SECRET
- BOX_REDIRECT_URL
- BOX_MCP_SERVER_AUTH_TOKEN
- OAUTH_PROTECTED_RESOURCES_CONFIG_FILE
- BOX_SUBJECT_TYPE
- BOX_SUBJECT_ID
- BOX_PUBLIC_KEY_ID
- BOX_PRIVATE_KEY
- BOX_PRIVATE_KEY_PASSPHRASE
- BOX_JWT_CONFIG_FILE
- LOG_LEVEL
Security Notes
CRITICAL: The server's `/oauth/register` endpoint, when running with `--transport=http` or `--transport=sse`, directly exposes the configured `BOX_CLIENT_ID` and `BOX_CLIENT_SECRET` in its response. This is a severe hardcoded secret exposure, as these credentials should remain confidential. Anyone accessing this public endpoint can retrieve the client ID and client secret, which could then be used for unauthorized access to the Box API or to impersonate the application.
Similar Servers
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.
mcp-servers
Provides a curated collection of Model Context Protocol (MCP) server configurations to enable AI agents to interact with various developer tools and services.
toolhive-studio
ToolHive simplifies and secures the discovery, deployment, and management of Model Context Protocol (MCP) servers, enabling connections to AI agents and clients.
docker-mcp-server
Provides a containerized Model Context Protocol (MCP) server for AI agents to securely execute shell commands and perform file operations via HTTP with bearer token authentication, supporting aggregation of child MCP servers.