excel-mcp-server
Verified Safeby haris-musa
Overview
This server allows AI agents to manipulate Excel files (create, read, update, format, chart, pivot, validate) without requiring Microsoft Excel to be installed.
Installation
uvx excel-mcp-server stdioEnvironment Variables
- EXCEL_FILES_PATH
- FASTMCP_PORT
- FASTMCP_HOST
Security Notes
The server uses `os.path.join` to construct file paths based on `EXCEL_FILES_PATH` and the provided `filename`. While `os.path.join` can handle some path components, it does not explicitly sanitize the `filename` parameter against directory traversal (`../`) attacks before joining, which could potentially allow access outside the intended `EXCEL_FILES_PATH` if exploited. However, the `validate_formula` function explicitly checks for and prevents potentially unsafe Excel functions like `INDIRECT`, `HYPERLINK`, `WEBSERVICE`, `DGET`, and `RTD`, which is a good security measure. No direct `eval` or unsanitized shell command execution was found, nor were hardcoded secrets apparent.
Similar Servers
spreadsheet-mcp
Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.
spreadsheet-read-mcp
An LLM-friendly API server for analyzing and editing spreadsheet files, enabling 'discover → profile → extract' workflows, 'what-if' scenarios, and VBA inspection without dumping entire files into LLM context.
mcp-gsheets
A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.
mcp-server-excel
Automate Microsoft Excel operations through natural language commands for AI assistants or via a command-line interface, including Power Query, DAX measures, VBA macros, PivotTables, Charts, Ranges, and Worksheets.