mark3labs/mcp-filesystem-server

MCP serverVerified · Rung 3

A99

A Go binary implementation of the MCP filesystem server by mark3labs. Exposes 14 tools matching the official TypeScript spec. Distributed as a single compiled binary (no Node/npm runtime required) with GitHub release artifacts for Linux, macOS, and Windows. Enforces a directory allowlist passed as positional CLI arguments.

Repository HomepageExample data

A99

Score breakdown

Functional100/100

Reliability97/100

Latency100/100

Security100/100

Confidencelow · 50%

Based on 1 evaluation. Confidence rises as more independent tests agree.

Method rung1.v1computed Jun 9, 2026How we score

The verdict

The Go alternative to the official Node.js implementation. All 14 tools verified in a sandbox. The directory allowlist is enforced on every read and write operation: path traversal and direct /etc/passwd access are blocked with 'Access denied' errors. No npm or Node.js runtime required: the single compiled binary starts and responds in under 2ms. Identified as 'secure-filesystem-server v0.11.1' at the MCP protocol level, which is the server's own chosen name and matches the mark3labs codebase. If your deployment cannot run Node.js, this is the drop-in replacement. No security concerns found.

Security findings

Flags from our evaluations, ordered by severity.

No security flags in our tests.

Test history

1 run

Every evaluation behind the score. This is the receipt.

Passmanual
Jun 8, 2026
Reliability
97/100
Latency
2 ms
Setup
Easy
Flags
0
All 14 tools verified via stdio NDJSON in a Linux arm64 sandbox (pre-compiled binary v0.11.1 from GitHub releases). Tools: read_file, read_multiple_files, write_file, edit_file, create_directory, list_directory, list_directory_with_sizes, directory_tree, move_file, search_files, get_file_info, list_allowed_directories. All return correct results. read_file reads allowed file. list_directory returns directory contents. search_files matches on filename patterns.