servers
servers copied to clipboard
modelcontextprotocol
Request: Review auto-generated MCP permission manifest for Filesystem
Dear Authors / Maintainers,
We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete.
The MCP server in question is: Filesystem
Please review the manifest below and let us know:
- Are the permissions and their scopes correct?
- Are any permissions missing?
- Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global?
Proposed manifest (please review)
{
"description": "Secure Filesystem MCP server providing controlled read/write/list/search/move/edit and metadata operations limited to configured allowed directories (via CLI or MCP Roots), with symlink resolution, path normalization, and atomic writes/renames to prevent traversal and symlink/race attacks.",
"permissions": [
"mcp.ac.filesystem.read",
"mcp.ac.filesystem.write",
"mcp.ac.filesystem.delete"
]
}
Please let us know if you have any questions and/or remarks.
In case you want to see the (current) full permission system:
MCP Permission System
| Permission | Description | Notes |
|---|---|---|
mcp.ac.filesystem.read |
Read files/directories | |
mcp.ac.filesystem.write |
Write/create files | |
mcp.ac.filesystem.delete |
Delete files or directories | |
mcp.ac.system.env.read |
Read environment variables | e.g., API_KEY, PATH |
mcp.ac.system.env.write |
Set environment variables | setting the env variables |
mcp.ac.system.exec |
Execute OS commands | CLI runners, shells |
mcp.ac.system.process |
List or kill processes | |
mcp.ac.network.client |
General Outgoing network access | |
mcp.ac.network.server |
Accept incoming connections | |
mcp.ac.network.bluetooth |
Use Bluetooth connections | macOS TCC-protected |
mcp.ac.peripheral.camera |
Capture images/video | macOS TCC-controlled |
mcp.ac.peripheral.microphone |
Record audio | TCC-protected |
mcp.ac.peripheral.speaker |
Play audio | |
mcp.ac.peripheral.screen.capture |
Screen capture | Requires consent (macOS: Screen Recording) |
mcp.ac.location |
Access location data | From Wi-Fi, IP, GNSS |
mcp.ac.notifications.post |
Show system notifications | macOS/Windows |
mcp.ac.clipboard.read / .write |
Read/write clipboard | Copy-paste support |
Thank you very much for your time and your efforts in making MCP more secure.
