filesys
Verified Safeby gomcpgo
Overview
A secure MCP server providing filesystem operations with controlled access to specified directories for agent-based interactions.
Installation
go run ./cmd/main.goEnvironment Variables
- MCP_ALLOWED_DIRS
Security Notes
The server implements robust path validation including symbolic link resolution using `filepath.EvalSymlinks()` to prevent traversal attacks. It enforces canonical path checking against a list of explicitly allowed directories, preventing `../` traversal and prefix matching attacks (e.g., `/allowed` vs `/allowed_attacker`). Non-existent paths for write operations are validated by checking their parent directory chains. Broken symbolic links are explicitly blocked. All access denial attempts are logged with a 'SECURITY:' prefix for monitoring. Allowed directories are configured via an environment variable, preventing hardcoded paths. While highly secure, no system is entirely impervious to all theoretical attack vectors, hence a 9/10.
Similar Servers
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.
server-filesystem
Provides a secure Node.js server implementing Model Context Protocol (MCP) for AI clients to perform a wide range of filesystem operations with strict access control.
llm-tools
Provides high-performance filesystem operations (file management, editing, search, archiving) as an MCP server for AI agents like Claude Code, acting as the agent's 'hands' for codebase interaction.