mcp-graphql - Secure MCP Server by ALMC Security 2025

mcp-graphql


A Model Context Protocol server that enables LLMs to interact with GraphQL APIs. This implementation provides schema introspection and query execution capabilities, allowing models to discover and use GraphQL APIs dynamically.

Usage

Run mcp-graphql with the correct endpoint; it will automatically try to introspect your queries.

Command Line Arguments

| Argument | Description | Default |
| --- | --- | --- |
| --endpoint | GraphQL endpoint URL | http://localhost:4000/graphql |
| --headers | JSON string containing headers for requests | {} |
| --enable-mutations | Enable mutation operations (disabled by default) | false |
| --name | Name of the MCP server | mcp-graphql |
| --schema | Path to a local GraphQL schema file (optional) | - |

Examples

# Basic usage with a local GraphQL server
npx mcp-graphql --endpoint http://localhost:3000/graphql

# Using with custom headers
npx mcp-graphql --endpoint https://api.example.com/graphql --headers '{"Authorization":"Bearer token123"}'

# Enable mutation operations
npx mcp-graphql --endpoint http://localhost:3000/graphql --enable-mutations

# Using a local schema file instead of introspection
npx mcp-graphql --endpoint http://localhost:3000/graphql --schema ./schema.graphql

Available Tools

The server provides two main tools:

  1. introspect-schema: This tool retrieves the GraphQL schema. Use this first if you don't have access to the schema as a resource. This uses either the local schema file or an introspection query.

  2. query-graphql: Execute GraphQL queries against the endpoint. By default, mutations are disabled unless --enable-mutations is specified.

Resources

  • graphql-schema: The server exposes the GraphQL schema as a resource that clients can access. This is either the local schema file or the result of an introspection query.

Installation

Installing via Smithery

To install GraphQL MCP Toolkit for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install mcp-graphql --client claude

Installing Manually

It can be manually installed to Claude:

{
  "mcpServers": {
    "mcp-graphql": {
      "command": "npx",
      "args": ["mcp-graphql", "--endpoint", "http://localhost:3000/graphql"]
    }
  }
}

Security Considerations

Mutations are disabled by default as a security measure to prevent an LLM from modifying your database or service data. Consider carefully before enabling mutations in production environments.

Customize for your own server

This is a very generic implementation: it allows complete introspection and lets your users do whatever they want (including mutations). If you need a more specific implementation, I'd suggest creating your own MCP server and locking down tool calling so that clients can only input specific query fields and/or variables. You can use this as a reference.
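
One way to lock tool calls down to specific queries and variables, as suggested above. This is an added example, not code from mcp-graphql; the operation names, query documents and the buildRequest helper are hypothetical.

```javascript
// Added example, not mcp-graphql code. Operation names, query documents and
// buildRequest are hypothetical; adapt them to your own schema.
// The client (the LLM) never supplies GraphQL text, only an operation name
// and variables, so it cannot introspect, add fields or send a mutation.
const ALLOWED_OPERATIONS = {
  getOrder: {
    query: "query GetOrder($id: ID!) { order(id: $id) { id status total } }",
    variables: { id: { type: "string", pattern: /^[A-Za-z0-9_-]{1,64}$/ } },
  },
  listOrders: {
    query: "query ListOrders($first: Int!) { orders(first: $first) { id status } }",
    variables: { first: { type: "number", min: 1, max: 50 } },
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function checkValue(name, value, rule) {
  if (typeof value !== rule.type) {
    throw new Error(`variable ${name} must be a ${rule.type}`);
  }
  if (rule.type === "string" && !rule.pattern.test(value)) {
    throw new Error(`variable ${name} has an invalid format`);
  }
  if (rule.type === "number" &&
      (!Number.isInteger(value) || value < rule.min || value > rule.max)) {
    throw new Error(`variable ${name} is out of range`);
  }
}

// Returns the fixed request body to POST to the GraphQL endpoint.
function buildRequest(operation, variables = {}) {
  // Own-property lookup so names like "constructor" do not resolve.
  if (typeof operation !== "string" || !has(ALLOWED_OPERATIONS, operation)) {
    throw new Error(`operation not allowed: ${String(operation)}`);
  }
  if (variables === null || typeof variables !== "object" || Array.isArray(variables)) {
    throw new Error("variables must be an object");
  }
  const spec = ALLOWED_OPERATIONS[operation];
  for (const key of Object.keys(variables)) {
    if (!has(spec.variables, key)) throw new Error(`unexpected variable: ${key}`);
  }
  const clean = {};
  for (const [name, rule] of Object.entries(spec.variables)) {
    checkValue(name, variables[name], rule);
    clean[name] = variables[name];
  }
  return { query: spec.query, variables: clean };
}
```

Unknown variables are rejected rather than dropped, so a client that tries to pass its own query text gets an error instead of a silently altered request.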
