Filesystem MCP Server — security audit

Filesystem MCP Server: trust score 80/100 — 3 capability surfaces.

Trust score

80

Grade B

Risk flags

  • Can modify files

    Restrict the working directory to a sandboxed path. Avoid pointing it at your home directory or at a repository that contains secrets.

Capability surface

  • Filesystem read

    Medium risk

    Reads files from the local machine — scoped or unscoped depending on configuration.

    Evidence: filesystem

  • Filesystem write

    High risk

    Can create, modify, or delete files on disk. High-impact if scope is broad.

    Evidence: filesystem

  • Process spawn

    Medium risk

    Launches subprocesses via docker, npx, uvx — a supply-chain risk if the fetched package is compromised.

    Evidence: npx

Trust signals

Total trust score is the sum of these contributions. Each signal carries a fixed weight.

  • Verified by Loadout

    +20 / 20

    Manually verified.

  • Official author

    +15 / 15

    Maintained by the official Anthropic team.

  • Community traction

    +20 / 20

    18,500 GitHub stars.

  • Public source

    +15 / 15

    Source is publicly auditable.

  • Stability

    +0 / 15

    Stability not yet assessed.

  • Capability surface

    +10 / 15

    1 high-risk capability detected.

Disclaimer

This is an automated heuristic triage. It does not replace a manual code audit. Use it to prioritise which servers deserve a deeper look — especially anything carrying high-risk capabilities such as shell execution or filesystem write.