openapi-mcp-server
Verified Safe by sotayamashita
Overview
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.
Installation
bun run src/index.ts --api <openapi_spec_path_or_url>
Environment Variables
- BASE_URL
- HEADERS
Security Notes
The server uses `JSON.parse` on the `HEADERS` environment variable. While typically controlled by the user running the server, this could be a deserialization vulnerability if the environment variable can be maliciously manipulated remotely. The `operationId` from the OpenAPI spec is dynamically used to call `apiClientInstance[operationId]`; a maliciously crafted OpenAPI spec could potentially exploit this if `openapi-client-axios` has unknown vulnerabilities related to dynamic method invocation. No `eval` or direct command injection patterns were found. The use of well-known libraries (`@scalar/openapi-parser`, `openapi-client-axios`, `zod`) generally contributes to security.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
ncp
NCP acts as a universal adapter and orchestrator for Model Context Protocol (MCP) servers and tools. It provides a unified interface for discovery, execution, and management of diverse tools (local CLI, HTTP APIs, internal plugins/Photons, AI skills) through natural language and structured code interaction, enabling AI agents to interact with the broader digital ecosystem.