mcp-server-box
by box-community
Overview
The Box MCP Server provides a Microservice Context Protocol (MCP) interface to interact with the Box API, enabling AI agents and other clients to perform various file, folder, collaboration, metadata, and AI-powered operations on Box content.
Installation
uv run src/mcp_server_box.pyEnvironment Variables
- BOX_CLIENT_ID
- BOX_CLIENT_SECRET
- BOX_REDIRECT_URL
- BOX_MCP_SERVER_AUTH_TOKEN
- OAUTH_PROTECTED_RESOURCES_CONFIG_FILE
- BOX_SUBJECT_TYPE
- BOX_SUBJECT_ID
- BOX_PUBLIC_KEY_ID
- BOX_PRIVATE_KEY
- BOX_PRIVATE_KEY_PASSPHRASE
- BOX_JWT_CONFIG_FILE
- LOG_LEVEL
Security Notes
CRITICAL: The server's `/oauth/register` endpoint, when running with `--transport=http` or `--transport=sse`, directly exposes the configured `BOX_CLIENT_ID` and `BOX_CLIENT_SECRET` in its response. This is a severe hardcoded secret exposure, as these credentials should remain confidential. Anyone accessing this public endpoint can retrieve the client ID and client secret, which could then be used for unauthorized access to the Box API or to impersonate the application.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
devbox-mcp-server
Seamlessly integrate AI agents with Microsoft Dev Box services for natural language interactions to manage Dev Boxes, configurations, and pools.
docker-mcp-server
A Model Context Protocol (MCP) server for containerized execution and file operations, enabling AI assistants to interact with a Docker environment via HTTP.
mcp-server
A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.