MCP Verdict
Back to the registry

@agent-infra/mcp-server-filesystem

MCP serverVerified · Rung 3
A98

The filesystem MCP server from ByteDance's agent-infra / UI-TARS Agent ecosystem. Exposes 11 tools for standard read/write/search/directory operations. Supports stdio, SSE, and HTTP transports. Enforces a configurable directory allowlist via the --allowed-directories CLI flag (repeatable for multiple directories).

RepositoryHomepageExample data

Score breakdown

Functional100/100
Reliability94/100
Latency100/100
Security98/100
Confidencelow · 50%

Based on 1 evaluation. Confidence rises as more independent tests agree.

Method rung1.v1computed Jun 9, 2026How we score

The verdict

Part of ByteDance's UI-TARS desktop agent infrastructure; this package accounts for a large share of filesystem MCP installs across the ecosystem. All 11 tools pass functional and security testing. The allowlist is enforced correctly on both reads and writes: path traversal and /etc/passwd direct access are blocked. One setup distinction from the official package: allowed directories are passed via --allowed-directories flags rather than as positional arguments (e.g., node index.cjs --allowed-directories /path/to/dir). Misconfiguring this as a positional argument causes an explicit 'too many arguments' error rather than silently ignoring the constraint. No security concerns found.

Security findings

Flags from our evaluations, ordered by severity.

  • Info

    NONSTANDARD_CLI_INVOCATION

    Allowed directories are configured via --allowed-directories flag, not positional arguments as in the official @modelcontextprotocol/server-filesystem. Users copying invocation patterns from the official package or mark3labs binary will get an explicit error rather than the server silently running without restrictions. The error message is clear, but the difference is underdocumented in the README.

Test history

1 run

Every evaluation behind the score. This is the receipt.

  1. Passmanual
    Reliability

    94/100

    Latency

    3 ms

    Setup

    Easy

    Flags

    1

    11 tools verified via stdio NDJSON in a Node v22 sandbox (npm v1.2.29). Tools: read_file, read_multiple_files, write_file, edit_file, create_directory, list_directory, directory_tree, move_file, search_files, get_file_info, list_allowed_directories. All return correct results. read_file reads allowed files. write_file creates files inside allowed directory. Invocation requires --allowed-directories flag, not positional args (verified: passing directory as positional arg produces explicit 'too many arguments. Expected 0 arguments but got 1' error).

    InfoNONSTANDARD_CLI_INVOCATION

Notify me if this grade changes

We re-test servers and grades move. Leave your email and we will tell you if this one does.