m365cp
by the-sage-group
Overview
This server exposes Microsoft 365 Graph API functionality (user, drive, mail) as a Model Context Protocol (MCP) server, allowing AI models to interact with M365 services via defined tools.
Installation
node dist/index.js
Environment Variables
- PORT
Security Notes
CRITICAL VULNERABILITY: The `MicrosoftGraphTokenVerifier` explicitly decodes JWT access tokens without verifying their signature, relying solely on the Microsoft Graph API for verification. This means an attacker can craft a token (e.g., using `alg: "none"`) and include arbitrary `clientId`, `scopes`, or `expiresAt` claims in the `authInfo` object passed to the MCP tools. While actual Microsoft Graph API calls will fail if the token is truly invalid, any internal authorization logic or feature toggles within the MCP server's tools that rely on the contents of `extra.authInfo` could be bypassed, leading to unauthorized actions or information disclosure.
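The difference between decoding a token and verifying it, as an added example that is not the project's code. `decodeOnly`, `verifyToken`, `signRs256`, `accepts`, the locally generated RSA key pair (standing in for the issuer's published signing key) and the audience and claim values are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");
const parsePart = (p) => JSON.parse(Buffer.from(p, "base64url").toString("utf8"));

// Decode-only pattern described above: claims are read, the signature is ignored.
function decodeOnly(token) {
  return parsePart(token.split(".")[1]);
}

// Hardened form: pin the algorithm, verify the signature, then check the claims.
function verifyToken(token, publicKey, expectedAudience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = parsePart(h);
  if (header.alg !== "RS256") throw new Error("unexpected alg: " + header.alg);
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = parsePart(p);
  if (claims.aud !== expectedAudience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed sample data: a local key pair, audience and claims (all assumptions).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const AUD = "api://example-mcp-server";
const sampleClaims = { aud: AUD, scp: "User.Read", exp: Math.floor(Date.now() / 1000) + 600 };

// Sign a payload with the local private key to build a legitimately signed token.
function signRs256(payload) {
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url")}`;
}
const signedToken = signRs256(sampleClaims);
// Constructed unsigned token with altered claims, used only as a negative test input.
const unsignedToken =
  `${b64url(JSON.stringify({ alg: "none" }))}.${b64url(JSON.stringify({ ...sampleClaims, scp: "Mail.ReadWrite" }))}.`;

// True only when the token passes every check in verifyToken.
function accepts(token) {
  try { verifyToken(token, publicKey, AUD); return true; } catch { return false; }
}
```

Any value placed in `authInfo` should come from the return value of a verifier like `verifyToken`, never from a decode-only helper.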
Similar Servers
tiger-gh-mcp-server
Provides focused tools to LLMs for interacting with GitHub repositories and data via the Model Context Protocol.
thoughtbox
Provides cognitive enhancement tools for LLM agents, enabling structured reasoning, mental modeling, and interactive literate programming with JavaScript/TypeScript execution.
tiger-salesforce-mcp-server
This server acts as a wrapper around a Salesforce database, providing focused tools like semantic search of case summaries and retrieval of case details to LLMs via the Model Context Protocol.
mcp-server
Integrate AI-powered tools with Kontent.ai to manage structured content via natural language, enabling rapid prototyping and data visualization.