I
io.github.wso2/fhir-mcp-server
@modelcontextprotocol/inspector
MCP server providing seamless access to FHIR APIs for AI tools and healthcare applications
No known CVEs
No license
Actively maintained
Last commit 7d ago
Works with most clients
Transport: stdio, http
5 tools · ~208 tok
Grade A · 0.1% of 200K ctx
Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio, http · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"fhir": {
"args": [
"-y",
"mcp-remote",
"http://localhost:8000/mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/io-github-wso2-fhir-mcp-server)
Read me
What io.github.wso2/fhir-mcp-server does
The FHIR MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with FHIR APIs. Designed for developers, integrators, and healthcare innovators, this server acts as a bridge between modern AI/LLM tools and healthcare data, making it easy to search, retrieve, and analyze clinical information.
Test This Server
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y '@modelcontextprotocol/inspector' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Loading README…
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
95/100across 5 weighted dimensions
0255075100
30
20
20
15
10
−5
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.dev2 fixed
CVE-2025-58444medium · fixedCVSS 4
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger arbitrary command execution on the developer machine. Version 0.16.6 hardens URL handling/validation and prevents script execution. > Thank you to the following researchers for their reports and contributi
CVE-2025-49596medium · fixedCVSS 4
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. Credit: Rémy Marot <bughunters@tenable.com>
Inventory
Tools (5)
Click any tool to inspect its schema.
~208 tokens total
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is io.github.wso2/fhir-mcp-server safe to use?
- io.github.wso2/fhir-mcp-server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
- How do I install io.github.wso2/fhir-mcp-server?
- io.github.wso2/fhir-mcp-server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What can io.github.wso2/fhir-mcp-server do?
- io.github.wso2/fhir-mcp-server provides 5 tools: search_fhir_resources, retrieve_fhir_resource, create_fhir_resource, update_fhir_resource, delete_fhir_resource. See the full tools list on the server page for descriptions and parameters.
- What AI clients work with io.github.wso2/fhir-mcp-server?
- io.github.wso2/fhir-mcp-server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
- Is io.github.wso2/fhir-mcp-server actively maintained?
- io.github.wso2/fhir-mcp-server is actively maintained — last commit was 7 days ago. It has 119 GitHub stars.
Related
Similar servers
Others in health
W
Withings MCP Server91MCP server for Withings health data — sleep, activity, heart, and body metrics.
22 11
Hevy Mcp90Manage your Hevy workouts, routines, folders, and exercise templates. Create and update sessions faster, organize plans, and search exercises to build workouts quickly. Stay synced with changes so your training log is always up to date.
226 19
Clinicaltrialsgov Mcp Server90MCP server for the ClinicalTrials.gov v2 API. Search trials, retrieve study details and results, and match patients to eligible trials.
72 7
Fhir Mcp Server90FHIR MCP Server – helping you expose any FHIR Server or API as a MCP Server.
118 3
MCP Security Weekly
Get CVE alerts and security updates for io.github.wso2/fhir-mcp-server and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.
