openapi2mcp
Verified Safe
by cosmonic-labs
Overview
Generates MCP (Model Context Protocol) server tools in TypeScript from OpenAPI 3.x specifications.
Installation
npx openapi2mcp <spec.yaml> --project-path <output-dir>
Security Notes
The tool's core function is code generation: it transforms OpenAPI specifications into TypeScript files that define MCP server tools. The generated TypeScript code then uses an `httpClient` to make API calls based on the original OpenAPI definitions. The `openapi2mcp` generator itself appears to implement reasonable safeguards against code injection into the generated output: the `comment` function escapes quotes and newlines in descriptions, and the `cleanup_string` function sanitizes names used for variable generation.
However, the runtime security of the *generated MCP server* depends heavily on two things: the security of the input OpenAPI specification (e.g., preventing malicious URLs or content if it is derived from untrusted sources), and the robustness of the external `httpClient` library (not provided in full source for analysis) in safely handling potentially malformed or malicious API call parameters.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
template-mcp-server
Provides a CLI tool and template to quickly get started building a Model Context Protocol (MCP) server using FastMCP, supporting both stdio and HTTP transports.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp-execution
Transforms any Model Context Protocol (MCP) server into executable, type-safe TypeScript tools for AI agents, enabling progressive loading and achieving significant token savings.