dropbox-mcp-server
Dropbox MCP server (Go) that exposes Dropbox functionality (auth, file/folder operations, sharing, and revision history/restore) to AI assistants via the Model Context Protocol. Supports OAuth2 and large-file chunked uploads (per README).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README advises not to share/embed CLIENT_SECRET and indicates OAuth2 with state parameter for CSRF protection and HTTPS for API calls. Tokens are stored in a local config file with 0600 permissions; credentials can be provided via environment variables. However, dependency hygiene and detailed security implementation details (e.g., where client secrets/token logs are handled, whether secrets are redacted, CVE status) are not evidenced in the provided content.
⚡ Reliability
Best When
Used with a compatible MCP host (e.g., Claude Desktop) where OAuth and local configuration are acceptable.
Avoid When
Avoid if you cannot control where client secrets/tokens are stored (local config) or if you need documented, fine-grained operational guarantees (rate limits, error codes, idempotency).
Use Cases
- • Enable an AI assistant to browse and manipulate a user's Dropbox files and folders
- • Automate routine file workflows (search, download, upload, move/copy/delete) through MCP tool calls
- • Create/manage/revoke Dropbox shared links via an AI assistant
- • Assist with document recovery by fetching revision history and restoring prior versions
- • Upload large files to Dropbox via chunked uploads
Not For
- • Scenarios requiring server-to-server automated uploads without interactive OAuth/user consent
- • Workloads that need a web API/SDK for direct programmatic HTTP access (this is primarily an MCP server)
- • Use cases requiring strict enterprise compliance evidence beyond README-level security guidance
- • Bulk/high-frequency operations that need clearly documented rate-limit strategy
Interface
Authentication
README indicates Dropbox OAuth2 with client ID/secret, redirect URI http://localhost:8080/callback, and tool-driven auth. Tokens are saved locally to ~/.dropbox-mcp-server/config.json and refreshed when expired.
Pricing
No pricing information provided for the server itself; Dropbox API access may have its own account/plan requirements.
Agent Metadata
Known Gotchas
- ⚠ Mutating operations (upload/move/copy/delete/share creation/revocation) may not be idempotent; retries could cause duplicates or unintended changes.
- ⚠ Large-file upload behavior is described at a high level, but chunking parameters/retry behavior are not documented.
- ⚠ Auth uses a localhost redirect URI; hosting environments where localhost callbacks are blocked may require manual configuration changes.
- ⚠ Configuration uses local file storage for tokens; agents/hosts that run in ephemeral containers may need re-auth each session.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for dropbox-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.