fastmcp
Verified Safe by jlowin
Overview
FastMCP is an ergonomic interface for the Model Context Protocol (MCP), providing a comprehensive framework for building and interacting with AI agents, tools, resources, and prompts across various transports and authentication methods.
Installation
fastmcp run <your_server_file.py>
Environment Variables
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- FASTMCP_SERVER_AUTH_CLIENT_ID
- FASTMCP_SERVER_AUTH_CLIENT_SECRET
- FASTMCP_SERVER_AUTH_JWT_VERIFIER_PUBLIC_KEY
- FASTMCP_REDIS_URL
- UV_PROJECT_DIR
- MCP_AUTH_GITHUB_CLIENT_ID
- MCP_AUTH_GITHUB_CLIENT_SECRET
Security Notes
The library implements robust security practices, including HTML escaping to prevent XSS, the X-Frame-Options header to prevent clickjacking, and secure OAuth/OIDC flows. Sensitive data (e.g., tokens) is handled using Pydantic's SecretStr. The primary security risks stem from how developers use the framework: exposing untrusted input to features like `StdioTransport` (arbitrary command execution) or to file system resources without proper application-level validation and authorization. Developers must ensure that paths for local scripts and files are not user-controlled and that `StdioTransport` commands are predefined and safe.
Similar Servers
mcp-use
A comprehensive framework for building full-stack Model Context Protocol (MCP) applications, including AI agents, MCP servers with UI widgets, and integrated debugging tools in both Python and TypeScript.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.