Agentifact assessment — independently scored, not sponsored. Last verified Mar 6, 2026.
MCP Filesystem Server
The reference MCP implementation with excellent protocol support, dragged down by two 2025 CVEs and missing server-level changelog.
Viable option — review the tradeoffs
You need your AI agent to securely read, write, search, and manage files without custom integration code or exposing the full filesystem.
Excellent MCP compliance for reliable ops; fast local performance but watch for the two 2025 CVEs—patch promptly. No server changelog means tracking updates via GitHub.
You want composable file access in agent workflows without building from scratch.
Solid for local dev/testing; Roots prevent overreach but test thoroughly post-CVE patches. Quirky lack of changelog complicates versioning.
2025 Security CVEs
Two documented vulnerabilities from 2025 require patching; unpatched installs risk filesystem exploits via MCP tools.
No Server Changelog
Missing release notes force reliance on GitHub commits for changes, slowing stability assessment and upgrades.
CVE Patch Required
Unpatched 2025 CVEs expose filesystem; always check GitHub issues/PRs for fixes before production use—don't assume reference impl is secure out-of-box.
Trust Breakdown
What It Actually Does
Lets applications read and write files on a server through a standardized protocol so agents can interact with your filesystem safely. It's the official reference implementation but has known security vulnerabilities from 2025.
The reference MCP implementation with excellent protocol support, dragged down by two 2025 CVEs and missing server-level changelog.
Fit Assessment
Best for
- ✓file-operations
Score Breakdown
Protocol Support
Capabilities
Governance
- permission-scoping
- resource-limits