GitShow/ofershap/mcp-server-s3
ofershap

mcp-server-s3

MCP server for AWS S3 — list buckets, browse objects, upload/download, presigned URLs

by ofershap
aiawsclaudecloudcursorllmmcpmcp-server
Star on GitHubForknpm

TypeScript

2 stars1 forks2 contributorsQuiet · 3mo agoSince 2026MIT

Meet the team

See all 2 on GitHub →
oferlmntr
oferlmntr13 contributions
ofershap
ofershap1 contribution

Languages

View on GitHub →
TypeScript98.5%
JavaScript1.5%

Commit activity

Last 12 weeks · 0 commits

Full graph →

Community health

2 of 6 standards met

Community profile →
42
✓README✓License○Contributing○Code of Conduct○Issue Template○PR Template

Recent PRs & issues

Quiet · 2 discussions · Last activity 3mo ago
See all on GitHub →
nkar123412-hub
Security: Lack of Bucket Validation (Potential Cross-Bucket Access)OpenIssue

I have analyzed the implementation of the S3 MCP server and found that it lacks any validation of the bucket names provided by the user. Vulnerability: In functions like , , , and , the parameter is taken directly from the tool input and passed to the AWS SDK without any checks. Example from : async function getObject(bucket: string, key: string) { const client = createClient(); const result = await client.send( new GetObjectCommand({ Bucket: bucket, Key: key }), ); // ... } If the MCP server is running with an IAM role that has access to multiple S3 buckets (or broadly to s3:*), any user of the MCP server can access, modify, or delete data in any of those buckets, even if they were not intended to be exposed via this server. Attack Scenario: 1. An attacker calls to discover all available buckets in the account. 2. The attacker identifies a sensitive bucket (e.g., 'company-private-backups'). 3. The attacker uses and to exfiltrate sensitive data from that bucket. Recommendation: Implement a whitelist of allowed buckets in the server configuration. Verify that the requested bucket is in the allowlist before executing any AWS SDK command. Ensure the server's IAM role follows the principle of least privilege, granting access only to the specifically required buckets.

nkar123412-hub · 3w ago
nkar123412-hub
Security: Broken Access Control (BOLA) in S3 OperationsOpenIssue

I have discovered a critical security vulnerability in the server's implementation of S3 operations. Vulnerability: The server provides tools for listing buckets, listing objects, getting, putting, and deleting objects. However, none of these functions implement any form of authorization or access control. The and parameters are passed directly from the MCP tool arguments to the AWS SDK. PoC: An attacker can: 1. Call to discover all buckets available in the AWS account. 2. Call with any discovered bucket name to explore its contents. 3. Call or on any bucket/key combination. This allows any user of the MCP server to access, modify, or delete any data in any S3 bucket that the server's AWS credentials have access to. Recommendation: Implement a strict access control list (ACL) or a whitelist of allowed buckets and prefixes. Ensure that the server validates whether the current user is authorized to access the requested bucket and key before calling the AWS SDK.

nkar123412-hub · 3w ago

Recent fixes

View closed PRs →
ElishaKay
docs: add Fronteir AI hosted deployment optionMergedPR

Love the project! Adds a short note in the README that a hosted deployment is available on Fronteir AI

ElishaKay · 1mo ago
punkpeye
add MCP server badgeMergedPR

This PR adds a badge for the mcp-server-s3 server listing in Glama MCP server directory. Glama performs regular codebase and documentation checks to: Confirm that the MCP server is working as expected Confirm that there are no obvious security issues Extract server characteristics such as tools, resources, prompts, and required parameters. This badge helps your users to quickly assess that the MCP server is safe, server capabilities, and instructions for installing the server.

punkpeye · 3mo ago
Structured data for AI agents

Repository: ofershap/mcp-server-s3. Description: MCP server for AWS S3 — list buckets, browse objects, upload/download, presigned URLs Stars: 2, Forks: 1. Primary language: TypeScript. Languages: TypeScript (98.5%), JavaScript (1.5%). License: MIT. Topics: ai, aws, claude, cloud, cursor, llm, mcp, mcp-server, model-context-protocol, s3, storage, typescript. Open PRs: 0, open issues: 2. Last activity: 3mo ago. Community health: 42%. Top contributors: oferlmntr, ofershap.

·@ofershap

Replace github.com with gitshow.dev