mcp-openapi-schema-explorer
Verified Safeby kadykov
Overview
Provides token-efficient, on-demand access to OpenAPI and Swagger specifications for MCP clients (like LLMs) by exposing parts of the specification via resource templates.
Installation
npx -y mcp-openapi-schema-explorer@latest https://petstore3.swagger.io/api/v3/openapi.json --output-format jsonSecurity Notes
The server primarily parses and traverses OpenAPI/Swagger specifications. The main attack surface is the `specPath` argument, which can be a local file path or a remote URL. While the server doesn't execute arbitrary code directly from the spec content, a malicious or extremely large/malformed spec could potentially lead to DoS or parser vulnerabilities in the `swagger2openapi` library or underlying JSON/YAML parsers. All URI path components are URL-encoded, and object lookups use Maps to mitigate prototype pollution.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
MyMCP
Dynamically convert any OpenAPI v3 specification into a fully-functional Model Context Protocol (MCP) server, exposing external APIs as MCP tools.
openapi-mcp-server
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.
rest-to-mcp-adapter
Transforms REST API specifications (OpenAPI, Swagger, OpenAPI Actions) into Model Context Protocol (MCP) tools, enabling AI agents like Claude and GPT to interact with any REST API.