Is Mcp From Openapi safe to use?

Mcp From Openapi has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp From Openapi?

Mcp From Openapi supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp From Openapi?

Mcp From Openapi is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is Mcp From Openapi actively maintained?

Mcp From Openapi is actively maintained — last commit was 0 days ago. It has 143 GitHub stars.

Mcp From Openapi

Production-ready library for converting OpenAPI specifications into MCP tool definitions

ActiveNot tested

Developer Tools

★ 143↓ 8.7k/wknpm GitHub

61BNo CVEsactive

Quick Install

{
  "mcpServers": {
    "mcp-from-openapi": {
      "args": [
        "-y",
        "mcp-from-openapi"
      ],
      "command": "npx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-from-openapi)](https://mcppedia.org/s/mcp-from-openapi)

Should you use this server?

Production-ready library for converting OpenAPI specifications into MCP tool definitions

✓

Is it safe?

No known CVEs for mcp-from-openapi. 1 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 0 days ago. 143 stars. 8,672 weekly downloads.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'mcp-from-openapi' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

61B

Last scored just now

How we score →

Security

20/30

No open vulnerabilities. 1 fixed CVE.

✓

Known CVEs — No known CVEs for mcp-from-openapicheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2026-39885Fixed

mcp-from-openapi is Vulnerable to SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications

## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-parser` to dereference `$ref` pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing `$ref` values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the `initialize()` call. This enables Server-Side Request Forgery (SSRF) and local file read attacks

Affected: >= 0Fixed in 2.3.0Published Apr 8, 2026source \u2192

Frequently Asked Questions

Is Mcp From Openapi safe to use?: Mcp From Openapi has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp From Openapi?: Mcp From Openapi supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp From Openapi?: Mcp From Openapi is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
Is Mcp From Openapi actively maintained?: Mcp From Openapi is actively maintained — last commit was 0 days ago. It has 143 GitHub stars.

Mcp From Openapi

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Advisories (0 open, 1 fixed)

Reviews

Frequently Asked Questions

Similar servers

XcodeBuildMCP

Gemini Cli

Nitrostack

Jcodemunch Mcp

Discussion