workflowy
Verified Safeby mholzen
Overview
Connect AI assistants to Workflowy data and outlines for search, bulk operations, and reporting, or manage Workflowy via CLI.
Installation
workflowy mcp --expose=all --log-file=/tmp/workflowy-mcp.logEnvironment Variables
- WORKFLOWY_API_KEY
Security Notes
The `workflowy_transform` MCP tool and CLI `transform` command include an `--exec` flag that allows execution of arbitrary shell commands on the host machine. If the MCP server is run with `--expose=all` (or `--expose=transform`) and connected to an AI assistant, a malicious or poorly-constrained AI could execute arbitrary local code. While the `--write-root-id` feature provides sandboxing for Workflowy data operations, it does NOT mitigate the risk of local shell command execution via `--exec`. Users must exercise extreme caution when exposing `workflowy_transform` to AI assistants or when using the `--exec` flag directly. API keys are managed responsibly via file permissions and environment variables, not hardcoded.
Similar Servers
mcp-devtools
A high-performance MCP server providing a unified interface to essential developer tools, featuring OAuth 2.0/2.1 authorization and a multi-layered security framework.
mcp-cli
A command-line interface tool for managing Model Context Protocol (MCP) server configuration files across various AI tools.
mcp
Provides an MCP server to integrate Large Language Models with Teamwork.com for project management and helpdesk operations.
mcp-cli-ent
Orchestrates Model Context Protocol (MCP) servers and their tools on-demand for AI agents, without loading tool definitions directly into the agent's context window.