mcp-filesystem-server

mcp-filesystem-server is a Go implementation of an MCP (Model Context Protocol) server that exposes filesystem access to an MCP-capable client (e.g., Claude Desktop) with a configured allowlist of directories.

Evaluated Apr 04, 2026 (17d ago)
Repo ↗ DevTools mcp filesystem local-integration go
⚙ Agent Friendliness
39
/ 100
Can an agent use this?
🔒 Security
33
/ 100
Is it safe for agents?
⚡ Reliability
21
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
45
Documentation
35
Error Messages
0
Auth Simplicity
90
Rate Limits
0

🔒 Security

TLS Enforcement
0
Auth Strength
20
Scope Granularity
60
Dep. Hygiene
40
Secret Handling
50

Security posture is largely unknown from the README. The main apparent control is a directory allowlist passed as command-line args. There is no mention of authentication, encryption/TLS, audit logging, sandboxing, or operational limits (file size, recursion depth). Since it targets filesystem access, least-privilege and OS-level containment are important.

⚡ Reliability

Uptime/SLA
0
Version Stability
35
Breaking Changes
30
Error Recovery
20
AF Security Reliability

Best When

You run the server locally (or in a tightly controlled environment) and explicitly pass the directories you want the model to access.

Avoid When

You cannot restrict the accessible paths, cannot audit the server’s filesystem operations, or plan to run it in an untrusted/multi-tenant environment.

Use Cases

  • Letting an LLM safely read files from specific local directories via MCP
  • Building local toolchains where the model can browse code/docs on disk
  • Prototyping MCP integrations for filesystem-backed workflows

Not For

  • Handling sensitive production data without additional hardening
  • Exposing unrestricted filesystem access or multi-user shared hosts
  • Use as an API service over the network without verifying MCP transport and sandboxing

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: Implicit/local-process usage (no auth mentioned in README)
OAuth: No Scopes: No

README does not describe authentication/authorization beyond the directory allowlist passed as command arguments.

Pricing

Free tier: No
Requires CC: No

No pricing information provided; appears to be a self-hosted open-source tool.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Filesystem allowlist is configured via args; agent may still attempt broader paths unless the server enforces strict allowlisting
  • Running locally in an editor/desktop integration may inherit host filesystem permissions (ensure OS-level sandboxing if needed)
  • No guidance is provided in the README about limits (max file size, directory depth) or performance/error behavior

Alternatives

Other MCP filesystem servers (e.g., mark3labs/mark3labs-based implementations) Custom MCP server wrapping a restricted file reader Instead of MCP, use a dedicated local file service with explicit allowlists and auditing (then expose as MCP tool)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-filesystem-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered