mcp-graphql - Secure MCP Server by ALMC Security 2025

mcp-graphql


A Model Context Protocol server that enables LLMs to interact with GraphQL APIs. This implementation provides schema introspection and query execution capabilities, allowing models to discover and use GraphQL APIs dynamically.

Usage

Run mcp-graphql with the correct endpoint; it will automatically try to introspect your queries.

Command Line Arguments

| Argument | Description | Default |
|----------|-------------|---------|
| --endpoint | GraphQL endpoint URL | http://localhost:4000/graphql |
| --headers | JSON string containing headers for requests | {} |
| --enable-mutations | Enable mutation operations (disabled by default) | false |
| --name | Name of the MCP server | mcp-graphql |
| --schema | Path to a local GraphQL schema file (optional) | - |

Examples

# Basic usage with a local GraphQL server
npx mcp-graphql --endpoint http://localhost:3000/graphql

# Using with custom headers
npx mcp-graphql --endpoint https://api.example.com/graphql --headers '{"Authorization":"Bearer token123"}'

# Enable mutation operations
npx mcp-graphql --endpoint http://localhost:3000/graphql --enable-mutations

# Using a local schema file instead of introspection
npx mcp-graphql --endpoint http://localhost:3000/graphql --schema ./schema.graphql

Available Tools

The server provides two main tools:

  1. introspect-schema: This tool retrieves the GraphQL schema. Use this first if you don't have access to the schema as a resource. This uses either the local schema file or an introspection query.

  2. query-graphql: Execute GraphQL queries against the endpoint. By default, mutations are disabled unless --enable-mutations is specified.

Resources

  • graphql-schema: The server exposes the GraphQL schema as a resource that clients can access. This is either the local schema file or based on an introspection query.

Installation

Installing via Smithery

To install GraphQL MCP Toolkit for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install mcp-graphql --client claude

Installing Manually

To install it manually for Claude, add the following to the MCP server configuration:

{
  "mcpServers": {
    "mcp-graphql": {
      "command": "npx",
      "args": ["mcp-graphql", "--endpoint", "http://localhost:3000/graphql"]
    }
  }
}

Security Considerations

Mutations are disabled by default as a security measure to prevent an LLM from modifying your database or service data. Consider carefully before enabling mutations in production environments.

Customize for your own server

This is a very generic implementation that allows complete introspection and lets your users do whatever they want (including mutations). If you need a more specific implementation, I'd suggest just creating your own MCP and locking down tool calling so that clients can only input specific query fields and/or variables. You can use this as a reference.
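
One way to lock a tool down as described above, shown as an added example that is not code from mcp-graphql: the client picks a pre-approved operation by name and supplies only validated variables, so it never sends GraphQL text of its own. The operation names, queries, fields and the buildRequest helper are hypothetical.

```javascript
// Added example: ALLOWED_OPERATIONS, buildRequest and the sample queries and
// fields are hypothetical, not part of mcp-graphql.
const ALLOWED_OPERATIONS = {
  getUser: {
    query: "query getUser($id: ID!) { user(id: $id) { id name } }",
    variables: { id: { type: "string", pattern: /^[A-Za-z0-9_-]{1,64}$/, required: true } },
  },
  listOrders: {
    query: "query listOrders($first: Int!) { orders(first: $first) { id total } }",
    variables: { first: { type: "number", min: 1, max: 50, required: true } },
  },
};

function checkValue(name, spec, value) {
  if (typeof value !== spec.type) throw new Error(`variable ${name}: expected ${spec.type}`);
  if (spec.type === "string" && !spec.pattern.test(value)) throw new Error(`variable ${name}: bad format`);
  if (spec.type === "number" && (!Number.isInteger(value) || value < spec.min || value > spec.max))
    throw new Error(`variable ${name}: out of range`);
}

// Turns a tool call {operation, variables} into the GraphQL HTTP request body.
// The query text always comes from the allowlist, so the client cannot
// introspect, select other fields, or send a mutation.
function buildRequest(toolInput) {
  const input = toolInput ?? {};
  // Object.hasOwn keeps inherited keys such as "constructor" from matching.
  if (typeof input.operation !== "string" || !Object.hasOwn(ALLOWED_OPERATIONS, input.operation))
    throw new Error("operation not allowed");
  const op = ALLOWED_OPERATIONS[input.operation];
  const supplied = input.variables ?? {};
  if (typeof supplied !== "object" || Array.isArray(supplied)) throw new Error("variables must be an object");
  for (const name of Object.keys(supplied))
    if (!Object.hasOwn(op.variables, name)) throw new Error(`unexpected variable ${name}`);
  const variables = {};
  for (const [name, spec] of Object.entries(op.variables)) {
    if (!Object.hasOwn(supplied, name)) {
      if (spec.required) throw new Error(`missing variable ${name}`);
      continue;
    }
    checkValue(name, spec, supplied[name]);
    variables[name] = supplied[name];
  }
  return { operationName: input.operation, query: op.query, variables };
}
```

The returned object is what the server would POST to the GraphQL endpoint; anything that throws is rejected before a request is made.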
