mcp-server-developer-tool
Provides a modular Go implementation of an MCP (Model Context Protocol) server. It includes tools for executing shell commands (with restrictions) and basic file operations (show/search/write), with configuration-driven allow/deny path restrictions.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The project claims path restriction for file operations and additional restrictions for the shell command tool (whitelisted utilities, allowed working directories, custom executable path checks). However, the README does not describe transport security (TLS), authentication/authorization for MCP access, logging redaction, rate limiting, or detailed error/exception handling. Shell execution and file writing tools remain high-risk if exposed or misconfigured.
⚡ Reliability
Best When
Used in a local or single-tenant environment where you can tightly configure allowed/denied filesystem paths and understand the security implications of tool-enabled agents.
Avoid When
Avoid exposing the server broadly (e.g., public network) without additional network/auth controls, and avoid running with overly permissive path settings.
Use Cases
- • Agent-assisted codebase/file exploration (read-only operations like show/search)
- • Controlled code generation or patching workflows via write file tool
- • Restricted command execution for build/test or utility runs within an allowed workspace
- • Local development MCP server setup for agent tooling using a Go MCP library
Not For
- • Unrestricted remote shell access (it appears intended to be sandboxed, not fully exposed)
- • Multi-tenant production deployments without a strong external access-control layer
- • Workflows requiring documented API contracts beyond MCP tool definitions
Interface
Authentication
The README describes filesystem restrictions but does not mention transport authentication/authorization for MCP connections.
Pricing
No pricing information provided; appears to be an open-source code repository.
Agent Metadata
Known Gotchas
- ⚠ Tool behavior is security-sensitive: shell execution and file writing depend on allow/deny path configuration.
- ⚠ Default behavior (allow only current working directory; auto-deny sensitive directories) may surprise agents if the working directory differs from expected workspace.
- ⚠ No documented retry/idempotency semantics are provided in the README, so agents should assume writes/executions may not be safe to repeat blindly.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-server-developer-tool.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.