office-mcp-server
by jiahuidegit
Overview
This server enables AI agents to generate professional Word and Excel documents with various themes and embed Mermaid diagrams.
Installation
npx @erliban/office-mcp-serverEnvironment Variables
- OUTPUT_DIR
Security Notes
The server's `word_create` and `excel_create` tools accept an `outputPath` argument directly from AI input. This allows writing files to arbitrary locations on the host system where the Node.js process has write permissions. An adversarial AI or prompt injection could exploit this to perform path traversal and write to sensitive system files (e.g., `/etc/passwd`, executable paths), leading to severe arbitrary file write vulnerabilities. While `OUTPUT_DIR` can be set via environment variables, the tool's internal logic does not enforce this restriction on the `outputPath` parameter, making it dependent on the calling environment's (AI client) sanitization or sandboxing, which is not guaranteed. Additionally, Mermaid diagram generation relies on an external service (kroki.io), which introduces a dependency on a third-party API and sends diagram code externally, posing a potential data privacy risk for sensitive diagram content.
Similar Servers
excel-mcp-server
This server allows AI agents to manipulate Excel files (create, read, update, format, chart, pivot, validate) without requiring Microsoft Excel to be installed.
mcp-mermaid
Generate Mermaid diagrams and charts from textual syntax, primarily for AI models or documentation platforms to visualize information dynamically.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
spreadsheet-mcp
Analyze and edit spreadsheet files programmatically, designed for token-efficient interaction by LLM agents, focusing on structured data access, modification, formula analysis, and optional VBA inspection.