graphql-mcp-server
by demeyerthom
Overview
This server exposes GraphQL operations as callable tools for the Model Context Protocol (MCP), allowing AI agents or other systems to interact with a GraphQL endpoint.
Installation
go build -o graphql-mcp-server . && ./graphql-mcp-server
Security Notes
The `BuildGenericOperationTool` (enabled by `generic_operation.enabled` in config) directly executes arbitrary GraphQL operation strings provided via the `operation` parameter of the `mcp.CallToolRequest` using `GraphqlClient.ExecRaw`. This constitutes a significant security risk, as it allows for GraphQL injection, enabling any client capable of calling this tool to execute arbitrary queries or mutations on the backend GraphQL schema endpoint. There are no apparent sanitization or validation steps for this input. Without strict control over the callers of this tool, it could be exploited for data exfiltration, unauthorized mutations, or denial-of-service against the GraphQL endpoint.
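One way to add the missing validation step is to refuse any `operation` string that an operator has not reviewed in advance. The sketch below is an added example, not code from graphql-mcp-server: `OperationGate`, `NewOperationGate`, `Check` and the size limit are hypothetical names and values, and the sample operations are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// maxOperationBytes is an assumed size cap, checked before any hashing.
const maxOperationBytes = 8 * 1024
var ErrTooLarge = errors.New("operation exceeds size limit")
var ErrNotAllowed = errors.New("operation is not on the allowlist")

// OperationGate (hypothetical) maps SHA-256 digests of reviewed operations to labels.
type OperationGate struct{ approved map[string]string }

// digest hashes the operation text after trimming surrounding whitespace only.
func digest(op string) string {
	sum := sha256.Sum256([]byte(strings.TrimSpace(op)))
	return hex.EncodeToString(sum[:])
}

func NewOperationGate(reviewed map[string]string) *OperationGate {
	g := &OperationGate{approved: make(map[string]string, len(reviewed))}
	for label, op := range reviewed {
		g.approved[digest(op)] = label
	}
	return g
}

// Check returns the label of an approved operation; anything else is refused
// and must not be forwarded to the GraphQL endpoint.
func (g *OperationGate) Check(op string) (string, error) {
	if len(op) > maxOperationBytes {
		return "", ErrTooLarge
	}
	if label, ok := g.approved[digest(op)]; ok {
		return label, nil
	}
	return "", ErrNotAllowed
}

func main() {
	// Constructed sample operations; the field names are not from any real schema.
	gate := NewOperationGate(map[string]string{"listProducts": `query { products(first: 10) { id name } }`})
	for _, op := range []string{`query { products(first: 10) { id name } }`, `mutation { deleteProduct(id: "1") { id } }`} {
		fmt.Println(gate.Check(op))
	}
}
```

The gate matches exact text, so changing values belong in GraphQL variables rather than in the operation string itself.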
Similar Servers
saleor-mcp
Provides a Python-based GraphQL API server, likely serving as a backend microservice or API for a Saleor e-commerce ecosystem.
mcp-graphql-forge
A modular MCP server that converts GraphQL API endpoints into discoverable and configurable tools for agents.
mcp-server
A Model Context Protocol (MCP) server that provides real-time Indian options market data and volatility analytics from GetOutpost.in for integration with AI chat models like Claude.
MCP-SERVER
Provides an MCP server for automated data analysis workflows including loading datasets, cleaning data, sentiment analysis, clustering, topic extraction, and generating comprehensive reports with visualizations for an AI client.