Filesystem MCP Server
VerifiedSecure, sandboxed filesystem access enabling agents to list, read, write, create, move, delete, search files and directories within allowed paths.
Install
Claude Code
Add to .claude/skills/ About This Skill
# Filesystem MCP Server
> Secure File Operations for AI Agents
Official MCP reference implementation providing safe, sandboxed filesystem access with fine-grained permission controls.
Why Filesystem MCP?
๐ Security-First Design - **Sandboxed Access**: Agents can only access explicitly allowed directories - **Permission Controls**: Read-only, write, or full access per directory - **Path Validation**: Prevents directory traversal and unauthorized access - **Audit Trail**: All operations logged for security review
๐ค Essential for Agent Workflows Most agent tasks involve files: - Reading documentation - Writing code files - Analyzing logs - Generating reports - Managing project files - Organizing content
๐ฆ Zero External Dependencies Pure implementation using Node.js built-in modules. No external API dependencies or rate limits.
Installation
```bash # Official reference implementation npm install -g @modelcontextprotocol/server-filesystem
# Or build from source git clone https://github.com/modelcontextprotocol/servers cd servers/src/filesystem npm install npm run build ```
Configuration
Add to your MCP client config:
```json { "mcpServers": { "filesystem": { "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-filesystem", "/Users/yourname/Documents", "/Users/yourname/Projects" ] } } } ```
Arguments = allowed directories (one or more paths)
Permission Modes
Read-Only Access: ```json "args": ["--read-only", "/path/to/docs"] ```
Full Access (default): ```json "args": ["/path/to/workspace"] ```
Example Configurations
#### Development Workspace ```json { "mcpServers": { "filesystem": { "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-filesystem", "/Users/dev/projects", "/Users/dev/workspace" ] } } } ```
#### Documentation Access (Read-Only) ```json { "mcpServers": { "filesystem": { "command": "npx", "args": [ "-y", "@modelcontextprotocol/server-filesystem", "--read-only", "/Users/docs/knowledge-base" ] } } } ```
Available Tools
Directory Operations
#### 1. List Directory (`list_directory`) ``` Agent: "What files are in my Projects folder?" Agent: "Show contents of /workspace/src" ```
- Returns:
- File names
- File types (file, directory, symlink)
- File sizes
- Last modified timestamps
#### 2. Create Directory (`create_directory`) ``` Agent: "Create a new folder called 'components'" Agent: "Make directory /workspace/tests" ```
#### 3. Move/Rename (`move_file`) ``` Agent: "Rename old-name.txt to new-name.txt" Agent: "Move report.pdf to /Documents/Reports/" ```
File Operations
#### 4. Read File (`read_file`) ``` Agent: "Read the contents of config.json" Agent: "Show me the README.md file" ```
- Supports:
- Text files (UTF-8)
- JSON, YAML, XML
- Markdown, code files
- Large files (streaming)
#### 5. Write File (`write_file`) ``` Agent: "Create a file called notes.txt with meeting notes" Agent: "Write the generated code to src/index.ts" ```
#### 6. Edit File (`edit_file`) ``` Agent: "Replace 'version: 1.0' with 'version: 2.0' in package.json" Agent: "Add a new function to utils.js" ```
#### 7. Get File Info (`get_file_info`) ``` Agent: "When was report.pdf last modified?" Agent: "What's the size of data.csv?" ```
- Returns:
- File size (bytes)
- Creation time
- Last modified time
- Permissions
- File type
Advanced Operations
#### 8. Search Files (`search_files`) ``` Agent: "Find all Python files in the project" Agent: "Search for files containing 'API_KEY'" ```
- Search by:
- File name pattern (glob)
- File content (regex)
- File type
- Date modified
#### 9. Delete File (`delete_file`) ``` Agent: "Delete the temporary log files" Agent: "Remove old-backup.zip" ```
- Safety:
- Requires confirmation for large files
- Cannot delete files outside allowed directories
- Logged for audit
Agent Workflow Examples
Code Generation ``` Human: "Create a React component for a login form"
- Agent:
- create_directory("/workspace/components")
- write_file("/workspace/components/LoginForm.tsx", generated_code)
- write_file("/workspace/components/LoginForm.test.tsx", test_code)
- "Created LoginForm component at components/LoginForm.tsx"
- ```
Log Analysis ``` Human: "Analyze error logs and summarize issues"
- Agent:
- list_directory("/var/log/app")
- read_file("/var/log/app/error.log")
- search_files(pattern="ERROR", path="/var/log/app")
- generate_summary()
- write_file("/reports/error-summary.md", summary)
- ```
Project Organization ``` Human: "Organize my documents by type"
- Agent:
- list_directory("/Documents")
- For each file:
- - get_file_info(file)
- - Determine file type
- - create_directory("/Documents/[type]")
- - move_file(file, destination_folder)
- ```
Documentation Generation ``` Human: "Generate API documentation from code comments"
- Agent:
- search_files(pattern="*.ts", path="/src")
- For each file:
- - read_file(file)
- - extract_doc_comments()
- Generate markdown docs
- write_file("/docs/API.md", generated_docs)
- ```
Security Model
Sandbox Enforcement
- What Agents CAN Do:
- โ Access explicitly allowed directories
- โ Create/read/write files within allowed paths
- โ List directory contents
- โ Search within allowed paths
- What Agents CANNOT Do:
- โ Access parent directories (`../`)
- โ Access system files (`/etc/`, `/sys/`)
- โ Follow symlinks outside allowed paths
- โ Execute binaries or scripts
- โ Modify file permissions
Path Validation
``` Allowed: /Users/dev/projects Agent tries: /Users/dev/projects/src/index.ts โ โ Allowed Agent tries: /Users/dev/projects/../secret โ โ Blocked Agent tries: /etc/passwd โ โ Blocked ```
Best Practices
- Principle of Least Privilege
- - Grant only necessary directories
- - Use `--read-only` when write not needed
- Never Allow Root Access
- - Don't add `/` or system directories
- - Restrict to user workspace
- Audit Agent Actions
- - Review MCP server logs regularly
- - Monitor for unexpected file access patterns
- Separate Sensitive Data
- - Keep credentials, keys in separate directories
- - Don't include in allowed paths
Use Cases
๐ Content Management Agents generate blog posts, reports, documentation and save to organized folders.
๐ค Code Assistants Read project files, generate code, create tests, update configurations.
๐ Data Analysis Read CSV/JSON data files, analyze, generate reports and visualizations.
๐๏ธ File Organization Scan directories, categorize files, move to appropriate folders, cleanup duplicates.
๐ Knowledge Base Index markdown files, search documentation, extract information, update wikis.
๐ Log Analysis Parse log files, identify errors, generate summaries, create alerts.
Performance
Large Files - Streaming for files >10MB - Incremental reads supported - Memory-efficient processing
Directory Scanning - Recursive search optimized - Glob pattern matching - Ignore patterns (e.g., `node_modules/`)
Concurrent Operations - Safe for parallel file access - Atomic write operations - File locking where needed
Troubleshooting
"Permission denied" Error - Verify path is in allowed directories - Check filesystem permissions - Ensure MCP server has read/write access
"Path not found" Error - Confirm directory exists - Check for typos in path - Verify path format (absolute vs relative)
Read-Only Mode Issues - Can't write in `--read-only` mode - Reconfigure server with write access if needed
vs Other File Access Methods
| Method | Security | Agent Integration | Setup | |--------|----------|-------------------|-------| | Filesystem MCP | โ Sandboxed | โ Auto-discovered | Simple | | Direct FS Access | โ Full system | โ Manual | None | | File Upload/Download | โ Manual control | โ ๏ธ Limited | Complex | | Cloud Storage API | โ API-level | โ ๏ธ Requires SDK | Complex |
Resources
- GitHub: https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem
- MCP Docs: https://modelcontextprotocol.io/
- Security Best Practices: https://modelcontextprotocol.io/docs/concepts/security
Advanced Configuration
```json { "mcpServers": { "filesystem": { "command": "node", "args": [ "/path/to/filesystem-server/build/index.js", "/workspace", "/documents" ], "env": { "MAX_FILE_SIZE": "10485760", "ENABLE_LOGGING": "true", "LOG_PATH": "/var/log/mcp-filesystem.log" } } } } ```
---
Safe, secure filesystem access for agents: From code generation to log analysis, Filesystem MCP is the foundation for agent file operations.
Use Cases
- Access the local filesystem through a standardized MCP server interface
- Enable AI agents to read, write, and manage files via MCP tool calls
- Integrate filesystem operations with other MCP-based tools in unified workflows
- Provide sandboxed filesystem access with configurable path restrictions
- Build file processing pipelines using MCP's standardized tool protocol
Pros & Cons
Pros
- + MCP standardization enables consistent filesystem access across different AI clients
- + Path restriction configuration provides security boundaries for file access
- + Integrates naturally with other MCP tools for combined workflows
Cons
- - MCP server overhead for operations that could be done with simple file commands
- - Only available on claude-code and openclaw platforms
- - Requires MCP server setup and client configuration
Frequently Asked Questions
What does Filesystem MCP Server do?
Secure, sandboxed filesystem access enabling agents to list, read, write, create, move, delete, search files and directories within allowed paths.
What platforms support Filesystem MCP Server?
Filesystem MCP Server is available on Claude Code, OpenClaw.
What are the use cases for Filesystem MCP Server?
Access the local filesystem through a standardized MCP server interface. Enable AI agents to read, write, and manage files via MCP tool calls. Integrate filesystem operations with other MCP-based tools in unified workflows.
Stay Updated on Agent Skills
Get weekly curated skills + safety alerts