Related Pages

Related topics: Tools and API Reference, Security, Deployment, and Troubleshooting

Overview and Installation

Purpose and Scope

excel-mcp-server is a Model Context Protocol (MCP) server that lets an AI agent create, read, and modify Excel workbooks without requiring Microsoft Excel to be installed on the host. It is built on top of the openpyxl library and exposes approximately twenty MCP tools covering workbook lifecycle, cell data I/O, formatting, formulas, charts, pivot tables, native Excel tables, and sheet management.

Source: README.md declares the project as "A Model Context Protocol (MCP) server that lets you manipulate Excel files without needing Microsoft Excel installed."

The server is distributed as a Python package on PyPI, packaged with the MCP Bundle (.mcpb) format for one-click installation in Claude Desktop (added in v0.1.8), and consumable via uvx, pip, or Docker. Source: manifest.json lists the canonical mcp_config invocation as uvx excel-mcp-server stdio.

Core Capabilities at a Glance

The MCP server surface is declared statically in manifest.json under the tools array. Each entry maps a function name (e.g. create_workbook, write_data_to_excel, apply_formula) to a short description and is implemented as a decorated @mcp.tool in src/excel_mcp/server.py.

The tool layer is composed of focused implementation modules:

Tool annotations (destructiveHint, readOnlyHint) are set on every tool in src/excel_mcp/server.py so LLM clients can reason about side effects before invocation (introduced in v0.1.8 per PR #110).

Installation

Option 1 — `uvx` (recommended, zero-install)

uvx runs the latest published version in an ephemeral environment. Per README.md, the canonical local invocation is:

uvx excel-mcp-server stdio

The same pattern is recorded in manifest.json under server.mcp_config. uvx was the focus of the v0.1.3 patch that fixed uvx execution paths (see v0.1.3 release notes).

Option 2 — `pip`

pip install excel-mcp-server
python -m excel_mcp stdio

The package ships a __main__.py entry point (src/excel_mcp/__main__.py) which is what manifest.json points at under server.entry_point.

Option 3 — MCPB bundle for Claude Desktop

v0.1.8 introduced a packaged MCPB bundle so users can install the server through Claude Desktop's GUI without touching JSON configuration (added in PR #110 per the v0.1.8 release notes).

Option 4 — Docker

Community request #10 asks for a portable Docker image; until upstream publishes one, the project README documents local Python-based transports only. Self-hosting in Docker is achievable by wrapping the same uvx/pip invocation.

Transport Modes and Client Configuration

The server implements three transports, all selected via positional CLI argument (stdio, sse, streamable-http). Source: README.md § Usage.

flowchart LR
    Client[MCP Client<br/>Claude Desktop, Cursor, etc.]
    Client -->|stdio| Stdio[Local stdio process<br/>uvx excel-mcp-server stdio]
    Client -->|SSE| SSE[SSE HTTP server<br/>deprecated in v0.1.5]
    Client -->|HTTP| HTTP[streamable-http server<br/>added in v0.1.5]
    Stdio --> Tools[20+ MCP tools<br/>defined in server.py]
    SSE --> Tools
    HTTP --> Tools
    Tools --> FS[(Local Excel files)]

stdio — the default for desktop clients. Each tool call spawns or reuses the local process. Path handling uses the client working directory; log files are written to the package root directory to avoid permission errors when the client runs from an arbitrary cwd (see src/excel_mcp/server.py ROOT_DIR/LOG_FILE constants).

SSE (Server-Sent Events) — marked deprecated in the README. v0.1.8 (release notes) explicitly fixed a path-traversal vulnerability in SSE/streamable-http transports reported by @hits313. Users still on SSE should upgrade immediately.

streamable-http — added in v0.1.5 (release notes) and now the recommended HTTP transport. v0.1.7 fixed host/port configuration issues (PR #85).

A typical claude_desktop_config.json (or equivalent client config) using stdio:

{
  "mcpServers": {
    "excel": {
      "command": "uvx",
      "args": ["excel-mcp-server", "stdio"]
    }
  }
}

This block is reproduced directly in README.md under § "1. Stdio Transport".

Known Installation Footguns

A small number of issues recur in user reports and are worth checking before deployment:

• macOS + Codex + uvx (issue #100) — fails with No such file or directory (os error 2) because uvx is not on PATH. Install uv first or switch to pip+python -m excel_mcp stdio.
• FastMCP version mismatch (issue #76) — passing an unsupported version= kwarg into FastMCP.__init__ raises TypeError. Resolved by aligning with the pinned MCP dependency range; users should upgrade rather than monkey-patch.
• Security perimeter (issues #120, #128, #131, #134, #138) — in stdio mode the server has unrestricted filesystem write access and the unsafe-formula blocklist in src/excel_mcp/validation.py can be bypassed when raw cell values are written via write_data_to_excel. For untrusted or multi-tenant deployments, gate the process behind filesystem ACLs or a wrapper that sanitizes filepath arguments and applies caller-level policy. Formula validation happens in validate_formula_in_cell_operation (src/excel_mcp/validation.py) before src/excel_mcp/calculations.py writes to the cell.

Verifying the Install

After install, the server should respond to MCP initialize and list the tools declared in manifest.json. A smoke-test invocation is get_workbook_metadata against a known file — implementation in src/excel_mcp/workbook.py get_workbook_info, returning {filename, sheets, size, modified} and, with include_ranges=True, the used A1:Xn range per sheet.

See Also

• Tools Reference (TOOLS.md)
• Validation and Formula Safety
• Transport Modes In Depth (stdio vs streamable-http)

Related Pages

Related topics: Architecture and Module Structure

Tools and API Reference

The excel-mcp-server exposes a set of Model Context Protocol (MCP) tools that let an AI agent create, read, and modify Excel workbooks without requiring Microsoft Excel. Every tool is registered on a single FastMCP instance in src/excel_mcp/server.py and is surfaced as MCP tool metadata in manifest.json. This page documents the surface area of those tools, their annotations, and the implementation modules they delegate to.

Tool Registration and Annotations

Each tool is registered via the @mcp.tool(...) decorator on a thin wrapper in src/excel_mcp/server.py. The wrappers resolve a relative or absolute filepath argument using get_excel_path(), then dispatch to an _impl function in a dedicated module such as excel_mcp.workbook, excel_mcp.data, excel_mcp.sheet, or excel_mcp.pivot. Source: src/excel_mcp/server.py:1-50.

The wrappers attach ToolAnnotations to give clients hints about side effects:

• destructiveHint=True — tools that mutate the filesystem (e.g. create_workbook, create_worksheet, merge_cells, unmerge_cells, create_chart, create_pivot_table, apply_formula). Source: src/excel_mcp/server.py:73-180.
• readOnlyHint=True — read-only inspectors such as get_workbook_metadata, get_merged_cells, and validate_formula_syntax. Source: src/excel_mcp/server.py:200-230.

Errors raised by the underlying modules are caught uniformly: domain-specific exceptions (ValidationError, WorkbookError, SheetError, DataError, FormattingError, CalculationError, PivotError, ChartError) are converted into Error: <message> strings returned to the caller, while unexpected exceptions are re-raised and logged. Source: src/excel_mcp/server.py:11-22.

Tool Categories

The full list of exposed tools is enumerated in manifest.json under the "tools" array and described in detail in TOOLS.md. The table below groups them by responsibility, showing the signature shape, the primary implementation module, and whether the tool is destructive.

Module Wiring and Data Flow

The following diagram shows how a tool call flows from the MCP client through the server wrapper into the implementation module and back.

flowchart LR
    A[MCP Client] -->|tool name + args| B[server.py wrapper]
    B -->|get_excel_path| C[Resolved filepath]
    B -->|dispatch| D[Implementation module]
    D -->|openpyxl I/O| E[.xlsx file]
    D -->|dict result| B
    B -->|Error: msg or success| A

Each implementation module owns a narrow concern: workbook.py handles file creation and metadata, data.py handles read/write of cell ranges, validation.py and calculations.py handle formula safety and application, formatting.py handles styling, sheet.py handles worksheet-level operations, and pivot.py / chart.py handle analytical artifacts. Source: src/excel_mcp/data.py:1-20, src/excel_mcp/calculations.py:1-15, src/excel_mcp/formatting.py:1-12.

Formula Safety Path

apply_formula in src/excel_mcp/server.py first calls validate_formula_in_cell_operation to reject unsafe functions and bad cell references, then dispatches to calculations.apply_formula which writes the formula and saves the workbook. Source: src/excel_mcp/validation.py:17-60, src/excel_mcp/calculations.py:8-55. Community issue #134 notes that write_data_to_excel does not route through this same validator, which is an acknowledged validation gap.

Transport Modes

The same tool surface is available across three transports — stdio (default local use), sse (deprecated), and streamable-http — selected by the command-line argument in README.md. Release v0.1.8 patched a path-traversal vulnerability in the HTTP transports (v0.1.8 release notes).

Common Error and Edge Cases

• Missing sheet: load_workbook followed by an if sheet_name not in wb.sheetnames check raises ValidationError/WorkbookError, which the wrapper formats as Error: Sheet '<name>' not found. Source: src/excel_mcp/sheet.py:11-30, src/excel_mcp/data.py:15-25.
• Invalid cell reference: validate_cell_reference in excel_mcp.cell_utils is invoked before any write, producing a ValidationError. Source: src/excel_mcp/calculations.py:13-15.
• Unsafe formula: Functions like HYPERLINK, WEBSERVICE, DGET, and RTD are rejected by validate_formula in src/excel_mcp/validation.py and surfaced as Error: Invalid formula syntax: ....
• macOS launcher failures: Community issue #100 reports uvx excel-mcp-server stdio failing with No such file or directory on macOS Codex; using pipx or the explicit Python entry point python -m excel_mcp typically resolves it.

See Also

• README.md — installation and transport configuration.
• TOOLS.md — full parameter-by-parameter tool documentation.
• manifest.json — Claude Desktop / MCPB bundle metadata.
• src/excel_mcp/server.py — authoritative tool registration source.
• Releases — version history, including the v0.1.8 path-traversal fix.

Related Pages

Related topics: Tools and API Reference, Security, Deployment, and Troubleshooting

Architecture and Module Structure

Overview

excel-mcp-server is a Model Context Protocol (MCP) server that exposes Excel file manipulation as a set of discoverable tools consumable by AI agents such as Claude Desktop, Cursor, and other MCP-compatible clients. The project follows a layered architecture: a thin transport layer that speaks the MCP protocol, a tool registration layer that maps MCP tool calls onto Python functions, and a domain layer of feature modules that operate on openpyxl workbook objects on disk.

The package entry point is configured in manifest.json as src/excel_mcp/__main__.py, and is launched with uvx excel-mcp-server stdio (manifest.json). Internally, server.py constructs a FastMCP instance and decorates each domain function with @mcp.tool(...), registering every Excel operation as a separate MCP tool (server.py).

High-Level Architecture

flowchart TD
    Client[MCP Client<br/>Claude Desktop / Cursor] -->|stdio / SSE / HTTP| Transport[Transport Layer<br/>FastMCP]
    Transport -->|tool invocation| Registry[Tool Registry<br/>server.py @mcp.tool]
    Registry --> Workbook[workbook.py]
    Registry --> Sheet[sheet.py]
    Registry --> Data[data.py]
    Registry --> Formatting[formatting.py]
    Registry --> Calculations[calculations.py]
    Registry --> Pivot[pivot.py]
    Registry --> Validation[validation.py]
    Workbook --> openpyxl[(openpyxl Workbook)]
    Sheet --> openpyxl
    Data --> openpyxl
    Formatting --> openpyxl
    Calculations --> openpyxl
    Pivot --> openpyxl
    Validation --> openpyxl
    CellUtils[cell_utils.py] --> Workbook
    CellUtils --> Sheet
    CellUtils --> Data
    CellUtils --> Formatting
    CellUtils --> Calculations
    CellUtils --> Pivot
    Exceptions[exceptions.py] --> Workbook
    Exceptions --> Sheet
    Exceptions --> Data
    Exceptions --> Formatting
    Exceptions --> Calculations
    Exceptions --> Pivot

The architecture deliberately keeps file I/O localized to the domain modules. The tool layer in server.py is responsible only for path normalization, exception translation, and structured tool annotation (destructiveHint, readOnlyHint); all business logic resides in the per-feature modules.

Module Breakdown

Tool Registration Layer (`server.py`)

server.py instantiates a single FastMCP server and registers each Excel operation through the @mcp.tool(annotations=ToolAnnotations(...)) decorator (server.py). Tools are grouped by intent:

• Destructive tools — those that mutate files — carry destructiveHint=True, including create_workbook, create_worksheet, apply_formula, create_chart, create_pivot_table, and the merge/unmerge/copy/delete operations.
• Read-only tools — such as get_merged_cells and validate_formula_syntax — carry readOnlyHint=True.

The server also computes a stable log file path at startup, LOG_FILE = os.path.join(ROOT_DIR, "excel-mcp.log"), to avoid permission failures when running under stdio from arbitrary client working directories (server.py).

Domain Modules

Source: workbook.py, sheet.py, data.py, formatting.py, calculations.py, pivot.py.

Shared Utilities

Two utility modules are reused across the domain layer:

• cell_utils.py provides parse_cell_range and validate_cell_reference, which translate A1-style cell references into (row, col) tuples. Every domain module that accepts cell coordinates imports these helpers, ensuring consistent parsing semantics across tools (validation.py).
• exceptions.py defines a typed exception hierarchy — ValidationError, WorkbookError, SheetError, DataError, FormattingError, CalculationError, PivotError, ChartError — that server.py catches and converts into structured error strings returned to the MCP client (server.py).

Transport Layer

The README documents three transports: stdio (default), sse (deprecated), and streamable-http (README.md). The package entry point __main__.py reads CLI arguments and dispatches to the appropriate FastMCP runner. v0.1.5 introduced streamable-HTTP support, and v0.1.7 fixed host/port configuration issues for the network transports (v0.1.7 release notes).

Cross-Cutting Concerns

Validation Pipeline

Formula and range validation is centralized in validation.py. The module maintains an UNSAFE_FUNCS denylist (including WEBSERVICE, DGET, RTD, and various hyperlink/RTD functions) used by validate_formula to reject dangerous formulas before they reach openpyxl (validation.py). The MCP-facing tool apply_formula first invokes validate_formula_in_cell_operation and only writes the formula to the workbook if validation succeeds (server.py).

Logging and Error Handling

Each tool in server.py follows a consistent try/except pattern: domain-specific exceptions (ValidationError, WorkbookError, etc.) are converted to f"Error: {str(e)}" strings returned to the client, while unexpected exceptions are logged via logger.error(...) and re-raised so the MCP transport can report them (server.py). Log output is written to excel-mcp.log next to the package root to survive stdio client restarts (server.py).

Security Boundaries

The current architecture has no per-user or per-session identity layer; any client connected to the transport can invoke any tool against any reachable file path. Community issues have flagged this gap, including a request to identify which user triggered each call (issue #138) and a request to add policy enforcement for the ~20 filesystem-writing tools (issue #131). v0.1.8 addressed one related concern by fixing a path-traversal vulnerability in the SSE and streamable-HTTP transports (v0.1.8 release notes).

Common Failure Modes

• macOS stdio startup failure — Issue #100 reports MCP client for excel failed to start: No such file or directory (os error 2) when launched via uvx excel-mcp-server stdio. The root cause is typically that uvx cannot locate the package on PATH; reinstalling via uv tool install excel-mcp-server or running from the project root resolves it.
• FastMCP.__init__() got an unexpected keyword argument 'version' — Issue #76 shows that mismatched mcp/fastmcp dependency versions break the server. Pinning compatible versions per pyproject.toml (v0.1.6 fixed the FastMCP compatibility regression) resolves this (v0.1.6 release notes).
• Bypassed formula validation via write_data_to_excel — Issue #134 notes that formulas can reach a cell via the data-writing tool without going through validate_formula. Operators deploying the server should restrict which tools are exposed to untrusted agents or front the server with a policy layer.

See Also

• Tools Reference — complete parameter and return-value documentation for every MCP tool
• README.md — installation and client configuration examples
• v0.1.8 release notes — path-traversal fix and tool annotations

Related Pages

Related topics: Overview and Installation, Architecture and Module Structure

Security, Deployment, and Troubleshooting

The excel-mcp-server is a Model Context Protocol (MCP) server that exposes approximately 24 tools for reading, writing, formatting, and analyzing Excel .xlsx files via the openpyxl library. Because the server interacts with the local filesystem and accepts formula input, understanding its security boundaries, deployment surface, and common failure modes is essential before integrating it with an MCP client such as Claude Desktop, Cursor, or Codex. This page documents the security model that the code actually enforces, the three supported transports, and the recurring failure patterns reported by the community.

Security Model and Tool Surface

What the server enforces today

The server uses FastMCP from the official MCP Python SDK and decorates each tool with ToolAnnotations to declare its behavior to the LLM client. Most write-oriented tools carry destructiveHint=True, while purely read-only tools such as validate_formula_syntax, get_workbook_metadata, and get_merged_cells carry readOnlyHint=True (see src/excel_mcp/server.py:81-95 and surrounding tool definitions). These hints are advisory metadata for the LLM; the server itself does not implement an authorization layer — every tool runs with the privileges of the user that launched the MCP process.

Formula input is the only place where the server actively rejects unsafe content. The validator maintains a denylist of functions that can exfiltrate data or reach the network. Source: src/excel_mcp/validation.py (the HYPERLINK, WEBSERVICE, DGET, and RTD entries near the top of validate_formula). Cell-reference syntax is also checked with a regex that accepts the pattern [A-Z]+[0-9]+(?::[A-Z]+[0-9]+)?, and any reference that fails validate_cell_reference is rejected (Source: src/excel_mcp/validation.py). The validator is invoked from apply_formula in server.py, which first calls validate_formula_impl and only then delegates to excel_mcp.calculations.apply_formula (Source: src/excel_mcp/server.py and src/excel_mcp/calculations.py).

Known gaps documented by the community

Several issues in the issue tracker describe attack vectors that the source code does not close:

• Path traversal in create_workbook and friends. Issue #120 (Arbitrary file path access) and #128 (Command Injection via unsanitized file path) show that tool arguments like filepath are not constrained to a working directory; the server will write or read at any path the calling agent supplies. The release notes for v0.1.8 credit a fix for path traversal in the SSE and streamable-HTTP transports (Source: v0.1.8 release notes), but stdio mode still resolves paths against the process working directory without sandboxing.
• Formula injection via write_data_to_excel. Issue #134 reports that write_data_to_excel can write a string that starts with = into a cell, bypassing the apply_formula validator. The denylist in validation.py only runs on the apply_formula code path, not on the generic data-write path.
• No per-user identity. Issue #138 notes there is no built-in way for a deployed server to identify which Claude Desktop user initiated a call, because the stdio transport runs in a single process context and the HTTP transports do not propagate end-user identity.
• No policy layer for write operations. Issue #131 points out that all 20+ write tools have unrestricted filesystem access when running under stdio.

Operators deploying the server in a shared or multi-tenant environment should therefore add an outer sandbox (a container, a read-only bind mount for inputs, or a chroot) and restrict the working directory the server is launched from.

Deployment Options and Transports

The package manifest declares the entry point as python -m excel_mcp with arguments ["excel-mcp-server", "stdio"] (Source: manifest.json). The README documents three transports:

For stdio, the MCP client configuration is a JSON block of the form {"command": "uvx", "args": ["excel-mcp-server", "stdio"]} (Source: README.md). Release v0.1.7 added fixes for host/port configuration issues in the HTTP transports (Source: v0.1.7 release notes), and v0.1.8 added an MCPB bundle for one-click Claude Desktop installation (Source: v0.1.8 release notes).

When launched, the server writes its log file to a project-root-relative path computed as os.path.join(ROOT_DIR, "excel-mcp.log") so that stdio clients running from arbitrary working directories can still create the log (Source: src/excel_mcp/server.py).

flowchart LR
    Client[MCP Client<br/>Claude Desktop / Cursor / Ontheia] -->|stdio| Server[excel-mcp-server]
    Client -->|SSE / streamable-http| Server
    Server -->|openpyxl| XLSX[(.xlsx files)]
    Server -->|denylist check| Validator[Formula Validator]
    Server -->|LogFile| Log[(excel-mcp.log)]

Path Handling, Errors, and Logging

workbook.create_workbook uses pathlib.Path to create parent directories on demand (path.parent.mkdir(parents=True, exist_ok=True)) and then calls wb.save(str(path)) (Source: src/excel_mcp/workbook.py). This means the server will create missing directories and overwrite existing files without prompting. The wrapper tool create_workbook in server.py calls get_excel_path(filepath) to resolve the argument before invoking the implementation, but the resolution function does not enforce that the path is inside a permitted root (Source: src/excel_mcp/server.py).

Errors are surfaced through a dedicated exception hierarchy imported at the top of server.py: ValidationError, WorkbookError, SheetError, DataError, FormattingError, CalculationError, PivotError, and ChartError (Source: src/excel_mcp/server.py:18-26). Each tool catches its expected exception types and returns "Error: {str(e)}" as a plain string to the MCP client, while unexpected exceptions are logged via the module-level logger and re-raised so the transport layer can surface the failure.

Common Errors and Troubleshooting

The following patterns recur in the issue tracker and in the source code:

• No such file or directory on macOS with Codex (issue #100). When launched via uvx from a shell that does not resolve uvx on PATH, the client receives os error 2. The fix is to invoke the absolute path to uvx (for example the result of which uvx) in the command field of the MCP config.
• FastMCP.__init__() got an unexpected keyword argument 'version' (issue #76). A pinned version of the mcp SDK older than the one the server targets causes this. The v0.1.6 release notes describe the FastMCP compatibility fix that closes this regression (Source: v0.1.6 release notes).
• Sheet not found / File not found. These are produced by WorkbookError and SheetError. The Python tool implementations check sheet_name in wb.sheetnames before mutating (for example, in create_sheet and delete_sheet in src/excel_mcp/workbook.py and src/excel_mcp/sheet.py) and raise a typed error that the tool wrapper turns into an Error: string.
• Formatting and border errors. format_range catches ValueError from the openpyxl style constructors and re-raises as FormattingError with the original message (Source: src/excel_mcp/formatting.py). If a caller passes an invalid color code, the returned message identifies the offending field.
• Docker packaging. Issue #10 requests a portable Docker image; as of v0.1.8 no official image is published, so the recommended approach is to run the published PyPI package inside a python:3.12-slim container with the working directory mounted read-write and no network egress.

The most reliable first step for any failure is to inspect excel-mcp.log at the location computed in server.py; transport-level errors and any uncaught exceptions from the tool implementations are written there with the standard logger.error format.

See Also

• README — README.md
• Tool reference — TOOLS.md
• Package manifest — manifest.json
• Server entry point — src/excel_mcp/server.py
• Formula validation — src/excel_mcp/validation.py
• Workbook operations — src/excel_mcp/workbook.py
• Sheet operations — src/excel_mcp/sheet.py
• Formatting — src/excel_mcp/formatting.py
• Calculation engine — src/excel_mcp/calculations.py

Doramagic Pitfall Log

Found 15 structured pitfall item(s), including 1 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification.

1. Security or permission risk: Security or permission risk requires verification

• Severity: high
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/120

2. Installation risk: Installation risk requires verification

• Severity: medium
• Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/132

3. Installation risk: Installation risk requires verification

• Severity: medium
• Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/129

4. Installation risk: Installation risk requires verification

• Severity: medium
• Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/123

5. Configuration risk: Configuration risk requires verification

• Severity: medium
• Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: capability.host_targets | https://github.com/haris-musa/excel-mcp-server

6. Configuration risk: Configuration risk requires verification

• Severity: medium
• Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/131

7. Capability evidence risk: Capability evidence risk requires verification

• Severity: medium
• Finding: README/documentation is current enough for a first validation pass.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: capability.assumptions | https://github.com/haris-musa/excel-mcp-server

8. Maintenance risk: Maintenance risk requires verification

• Severity: medium
• Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: evidence.maintainer_signals | https://github.com/haris-musa/excel-mcp-server

9. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: no_demo
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: downstream_validation.risk_items | https://github.com/haris-musa/excel-mcp-server

10. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: no_demo
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: risks.scoring_risks | https://github.com/haris-musa/excel-mcp-server

11. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/128

12. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/haris-musa/excel-mcp-server/issues/138

Community Discussion Evidence

Doramagic exposes project-level community discussion separately from official documentation. Review these links before using excel-mcp-server with real data or production workflows.

• Security: know which user is calling your Excel MCP server? - github / github_issue
• Security consideration: Arbitrary file path access and unrestricted Exce - github / github_issue
• write_data_to_excel can bypass unsafe formula validation - github / github_issue
• Ontheia listed as compatible client — works great with excel-mcp-server - github / github_issue
• Add policy enforcement for file write operations - github / github_issue
• Your MCP server is now indexed on Joy Trust Network - github / github_issue
• Security: Command Injection via unsanitized file path in create_workbook - github / github_issue
• Your skill is listed on powerpoint.md 🎉 - github / github_issue
• v0.1.8 - github / github_release
• v0.1.7 - github / github_release
• v0.1.6 - github / github_release
• v0.1.5 - github / github_release