openpyxl-mcp-server
by jagarlamudisrinath
Overview
Provides a Flask-based web API to programmatically interact with and manipulate Excel files using the openpyxl library.
Installation
gunicorn --bind 0.0.0.0:$PORT wsgi:appEnvironment Variables
- HOST
- PORT
Security Notes
CRITICAL: The server is vulnerable to path traversal. The `file_name` parameter in API requests (e.g., for file deletion via `os.remove`) is directly taken from user input (`request.json.get('file_name')`) and combined with a temporary directory path using `os.path.join`. This allows an attacker to specify relative paths (e.g., `../../../../etc/passwd`) to access and potentially delete arbitrary files on the server's filesystem. This is a severe vulnerability and makes the server unsafe to run in its current state.
Similar Servers
excel-mcp-server
This server allows AI agents to manipulate Excel files (create, read, update, format, chart, pivot, validate) without requiring Microsoft Excel to be installed.
spreadsheet-mcp
Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.
mcp-gsheets
A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.
mcp-server-excel
Automate Microsoft Excel operations through natural language commands for AI assistants or via a command-line interface, including Power Query, DAX measures, VBA macros, PivotTables, Charts, Ranges, and Worksheets.