fs-mcp-server
Provides a local Model Context Protocol (MCP) server that exposes filesystem operations (list/read/write-like operations, mkdir/delete/copy/move, info, search, edit, and list_allowed_dirs). All operations are intended to be constrained to configured allowed absolute directories.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security is primarily based on path validation and an allowed-directories allowlist; README claims rejection of access outside allowed dirs to prevent traversal. However, no authentication/authorization model is described, and because it is a local stdio MCP server, TLS is not applicable; the primary risk is misconfiguration of allowed directories and overbroad OS/process permissions. Dependency/vulnerability hygiene cannot be assessed from provided content.
⚡ Reliability
Best When
You need local filesystem access for an MCP client where you can tightly configure allowed directories and enforce OS-level isolation/permissions.
Avoid When
You cannot guarantee safe configuration of allowed directories or you cannot provide OS/container isolation; also avoid when you require fine-grained auditing/authorization beyond directory allowlisting.
Use Cases
- • Building an MCP client toolchain to inspect and modify files in a controlled local workspace
- • Automated codebase search (grep-like) within approved directories
- • LLM-assisted refactoring/editing of specific files using structured edit operations (with optional backups)
- • Sandboxed access to local filesystem resources for development assistants
Not For
- • Managing remote or multi-tenant filesystem access over a network without additional isolation
- • Handling highly sensitive data without stronger operational controls (e.g., least-privilege OS permissions, container sandboxing)
- • High-throughput bulk file transfer use cases beyond what max-file-size/timeouts support
Interface
Authentication
No authentication mechanism is described in the README; access appears governed by process-level execution and the configured allowed directories/path validation.
Pricing
Open-source library/server; no pricing information provided.
Agent Metadata
Known Gotchas
- ⚠ No explicit auth scheme is documented; agents should assume they only have access to what the server is configured to allow and should not expect user-based authorization.
- ⚠ Path inputs must be full absolute paths within allowed directories; agents must avoid relative paths and should expect rejections for paths outside the allowlist.
- ⚠ Mutating tools (write/delete/edit/copy/move) are likely non-idempotent depending on implementation; agents should plan carefully and use backups where available (e.g., edit.backup).
- ⚠ Search may be time-bounded (timeout_secs) and size-bounded (max_file_size/max_results); agents should handle truncated/limited result sets.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for fs-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.