moodle-mcp-server
by suvires
Overview
The server acts as a multi-tenant Model Context Protocol (MCP) gateway, exposing Moodle API functionalities as tools for integration with AI agents or other services.
Installation
npx tsx src/index.tsEnvironment Variables
- PORT
- TENANT1_APIKEY
- TENANT1_MOODLEURL
- TENANT1_MOODLETOKEN
- TENANT2_APIKEY
- TENANT2_MOODLEURL
- TENANT2_MOODLETOKEN
Security Notes
The server has critical security vulnerabilities. Moodle API tokens are included directly as query parameters (`wstoken`) in the URL for all Moodle API calls, which means they are highly susceptible to leakage through server logs, proxy logs, and network interception, even over HTTPS. Additionally, default API keys ('key_demo_1', 'key_demo_2') are hardcoded, potentially leading to predictable authentication in misconfigured environments. API keys are also passed in the URL path, which is not ideal for sensitive information.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
typingmind-mcp
A server for managing and integrating Model Context Protocol (MCP) servers with TypingMind, enabling custom AI model connections.
moodle-webservice_mcp
Integrates Moodle's web services with AI assistants and external systems using the Model Context Protocol (MCP), exposing Moodle functions as discoverable tools.