MCP Verdict
Back to the registry

mcp-filesystem (Develasquez)

MCP serverVerified · Rung 3
A91

Filesystem MCP server with directory allowlist enforcement via command-line arguments. 15 tools including read, write, edit, copy, delete, directory operations, and file info. Code structure mirrors the Anthropic reference implementation pattern.

RepositoryHomepageExample data

Score breakdown

Functional100/100
Reliability78/100
Latency100/100
Security90/100
Confidencelow · 50%

Based on 1 evaluation. Confidence rises as more independent tests agree.

Method rung1.v1computed Jun 9, 2026How we score

The verdict

Functionally solid and security-correct: all 15 tools pass, the directory allowlist is enforced, and path traversal is blocked with a clear error. The server refuses to start without at least one directory argument, matching the safe-default behavior of the official server. The concern here is not the code but the package. Three versions, no source repository link in package.json, an author with no public profile, and a server that identifies itself as 'secure-filesystem-server' (the same internal name the official Anthropic package uses) raise enough questions about provenance and ongoing maintenance to warrant caution. The code works today. Whether it will be maintained, whether vulnerabilities will be patched, and whether the upstream relationship with the official server is intentional are all unknown. If you need the official server pattern, use the official package directly.

Security findings

Flags from our evaluations, ordered by severity.

  • Low

    UNCLEAR_PROVENANCE

    Package has 3 published versions. package.json contains no repository or bugs URL fields. The author (Develasquez) has no verifiable public profile linked from npm. The server identifies itself as 'secure-filesystem-server v0.0.3', sharing the internal server name with the official Anthropic package. The relationship between this package and the official server is not documented, raising questions about whether it is a maintained fork, an abandoned copy, or something else entirely.

  • Info

    MAINTENANCE_STATUS_UNKNOWN

    No changelog, no GitHub releases, no activity signals available from npm metadata. Version 0.0.3 suggests early/experimental status. It is not known whether security patches or compatibility updates will be issued.

Test history

1 run

Every evaluation behind the score. This is the receipt.

  1. Passmanual
    Reliability

    78/100

    Latency

    4 ms

    Setup

    Easy

    Flags

    2

    All core operations verified via sandbox (Node v22). 15 tools available: read_file, read_multiple_files, list_directory, directory_tree, search_files, get_file_info, write_file, create_directory, edit_file, move_file, copy_file, copy_directory, delete_file, delete_directory, list_allowed_directories. read_file, list_directory, and write_file all return correct results. Path traversal to /etc/passwd blocked: 'Error: Access denied - path is outside allowed directories.' Server exits with usage error if no directory argument is provided.

    LowUNCLEAR_PROVENANCEInfoMAINTENANCE_STATUS_UNKNOWN

Notify me if this grade changes

We re-test servers and grades move. Leave your email and we will tell you if this one does.