mcp4openapi
Verified Safe
by davidruzicka
Overview
Acts as a universal Model Context Protocol (MCP) server, transforming any OpenAPI specification into production-ready MCP tools for consumption by AI clients like LLMs and IDEs, aiming to reduce context pollution and enable custom workflows through profiles.
Installation
npx mcp4openapi
Environment Variables
- MCP4_OPENAPI_SPEC_PATH
- MCP4_API_TOKEN
- MCP4_API_BASE_URL
Security Notes
The project demonstrates a strong focus on security. It includes DNS rebinding protection and strict Host header validation, robust CORS and Origin validation using `allowedOrigins` (supporting wildcards and CIDR ranges), and XSS sanitization of error messages (e.g., in OAuth callbacks). The OAuth 2.0 implementation features PKCE, code expiration checks, and thorough redirect URI host validation to prevent open redirects. All endpoints, including OAuth, are rate-limited. Sensitive information like API tokens is redacted from logs, and token length validation is enforced. Secrets are consistently managed via environment variables, with no hardcoded values observed. No usage of `eval` or similar dangerous patterns was found.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
mcp-context-forge
A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.
mcphub
A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.
mcp-omnisearch
Provides a unified interface for LLMs to access multiple web search, AI response, content processing, and enhancement tools from various providers through the Model Context Protocol (MCP).