MCP Server for Asana
MCP server providing Asana task, project, and workspace management tools
Score Breakdown
Server Info
- Package
- @roychri/mcp-server-asana
- Registry
- npm
- Repository
- roychri/mcp-server-asana
- Maintainer
- Community
- Category
- Project Management
- Tags
- tasksprojectscollaboration
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport via StdioServerTransport. Auth via ASANA_ACCESS_TOKEN env var (personal access token). Token is passed directly to the Asana SDK client. No HTTP transport, no MCP OAuth. READ_ONLY_MODE env var controls whether write tools are exposed. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUMOnly 3 of 41 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Data Exposure
MEDIUM5 list operations lack pagination
asana_get_tasks_for_project has limit (1-100) and offset params. asana_get_project_statuses has limit/offset. asana_get_tags_for_task, asana_get_tags_for_workspace, asana_get_tasks_for_tag have limit/offset. asana_search_tasks, asana_list_workspaces, asana_get_project_sections, asana_get_subtasks, asana_search_projects lack pagination. opt_fields parameter available on most tools for field selection.
Add limit/offset or cursor-based pagination.
Maintenance & Trust
LOWCommunity-maintained by Christian Roy (roychri)
No official vendor backing.
Seek vendor verification.
HIGH15 dependency vulnerabilities (2 critical, 7 high)
npm audit found 2 critical and 7 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
41 total| Name | Description | Risk |
|---|---|---|
| asana_list_workspaces | List all available workspaces in Asana | read |
| asana_search_projects | Search for projects in Asana using name pattern matching | read |
| asana_get_my_tasks | Get tasks from the authenticated user's 'My Tasks' list in a workspace. Returns the user's personal task list including sections like Inbox, Today, This Week, etc. | read |
| asana_search_tasks | Search tasks in a workspace with advanced filtering options | read |
| asana_get_task | Get detailed information about a specific task | read |
| asana_create_task | Create a new task in a project | write |
| asana_get_task_stories | Get comments and stories for a specific task | read |
| asana_update_task | Update an existing task's details | write |
| asana_get_project | Get detailed information about a specific project | read |
| asana_get_project_task_counts | Get the number of tasks in a project | read |
| asana_get_project_sections | Get sections in a project | read |
| asana_get_tasks_for_project | Get all tasks in a project. Use this instead of search_tasks when you need to list tasks in a specific project. Supports pagination and optional field selection. | read |
| asana_create_project | Create a new project in a workspace or team | write |
| asana_create_task_story | Create a comment or story on a task. Either text or html_text is required. | write |
| asana_add_task_dependencies | Set dependencies for a task | write |
| asana_add_task_dependents | Set dependents for a task (tasks that depend on this task) | write |
| asana_create_subtask | Create a new subtask for an existing task | write |
| asana_get_subtasks | Get all subtasks of a given task. Returns a compact representation of each subtask. | read |
| asana_get_multiple_tasks_by_gid | Get detailed information about multiple tasks by their GIDs (maximum 25 tasks) | read |
| asana_get_project_status | Get a project status update | read |
| asana_get_project_statuses | Get all status updates for a project | read |
| asana_create_project_status | Create a new status update for a project | write |
| asana_delete_project_status | Delete a project status update | admin |
| asana_set_parent_for_task | Set the parent of a task and position the subtask within the other subtasks of that parent | write |
| asana_get_tag | Get detailed information about a specific tag | read |
| asana_get_tags_for_task | Get a task's tags | read |
| asana_get_tags_for_workspace | Get tags in a workspace | read |
| asana_update_tag | Update an existing tag | write |
| asana_delete_tag | Delete a tag | admin |
| asana_get_tasks_for_tag | Get tasks for a specific tag | read |
| asana_create_tag_for_workspace | Create a new tag in a workspace | write |
| asana_add_tag_to_task | Add a tag to a task | write |
| asana_remove_tag_from_task | Remove a tag from a task | write |
| asana_add_project_to_task | Add an existing task to a project. If no positioning arguments are given, the task will be added to the end of the project. | write |
| asana_remove_project_from_task | Remove a task from a project. The task will still exist in the system, but it will not be in the project anymore. | write |
| asana_delete_task | Delete a task. This permanently removes the task and cannot be undone. | admin |
| asana_create_section | Create a new section in a project | write |
| asana_update_section | Update a section (rename it) | write |
| asana_delete_section | Delete a section from a project | admin |
| asana_add_task_to_section | Move a task to a section within its project | write |
| asana_update_project | Update a project's details (name, description, etc.) | write |
Deploy MCP Server for Asana securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow