MCP Verdict
Back to the registry

@adpharm/mcp-server-filesystem-ro

MCP serverVerified · Rung 3
A98

A read-only MCP filesystem server from @adpharm. Fork of the mark3labs codebase with all write operations removed. Exposes read, list, search, and directory-inspection tools only. Enforces a directory allowlist.

RepositoryHomepageExample data

Score breakdown

Functional100/100
Reliability93/100
Latency100/100
Security98/100
Confidencelow · 50%

Based on 1 evaluation. Confidence rises as more independent tests agree.

Method rung1.v1computed Jun 9, 2026How we score

The verdict

A genuinely read-only filesystem server: write_file, edit_file, create_directory, and move_file are not registered as tools, confirmed by tools/list. The directory allowlist is enforced correctly: path traversal and direct /etc/passwd reads are blocked. The server reports 'secure-filesystem-server v0.2.0' at the protocol level, indicating shared mark3labs lineage with the Snaggle AI package. For deployments where the agent should inspect files but never write them, this is a clean choice: the read-only constraint is architectural, not a configuration flag that could be misset.

Security findings

Flags from our evaluations, ordered by severity.

  • Info

    SHARED_SERVER_IDENTITY

    Server reports name 'secure-filesystem-server' and version '0.2.0' at the MCP protocol level — the same identity as the Snaggle AI mcp-server-filesystem package. Both appear to share the mark3labs v0.2.0 codebase as their common ancestor. No security implication; included for transparency so users are not confused if they see the same server name from two different npm packages.

Test history

1 run

Every evaluation behind the score. This is the receipt.

  1. Passmanual
    Reliability

    93/100

    Latency

    3 ms

    Setup

    Easy

    Flags

    1

    Read-only tool set verified via stdio NDJSON in a Node v22 sandbox (npm v0.1.2). Tools include: read_file, read_multiple_files, list_directory, directory_tree, search_files, get_file_info, list_allowed_directories. Write tools (write_file, edit_file, create_directory, move_file) confirmed absent from tools/list. read_file correctly reads allowed files. Path traversal blocked. /etc/passwd direct read blocked. No write capability — architectural constraint, not a configuration flag.

    InfoSHARED_SERVER_IDENTITY

Notify me if this grade changes

We re-test servers and grades move. Leave your email and we will tell you if this one does.