SharePoint MCP Server
MCP server for browsing and interacting with Microsoft SharePoint sites and documents via Microsoft Graph API
Score Breakdown
Server Info
- Package
- sharepoint-mcp-server
- Registry
- npm
- Repository
- sekops/sharepoint-mcp-server
- Maintainer
- Community
- Category
- Document Management
- Tags
- sharepointmicrosoftdocuments
- Last Scanned
- 7 Apr 2026
Findings
4 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Uses Azure AD client credentials flow (service principal) via environment variables. Server-side token management with automatic refresh 1 minute before expiry. All four env vars are required at startup or the server exits. This is a machine-to-machine OAuth2 client_credentials... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUMOnly 0 of 6 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by sekops
No official vendor backing.
Seek vendor verification.
Tools
6 total| Name | Description | Risk |
|---|---|---|
| search_files | Search for files and documents in SharePoint using Microsoft Graph Search API | read |
| list_sites | List SharePoint sites accessible to the application | read |
| get_site_info | Get detailed information about a specific SharePoint site | read |
| list_site_drives | List document libraries (drives) in a SharePoint site | read |
| list_drive_items | List files and folders in a SharePoint document library | read |
| get_file_content | Get the content of a specific file from SharePoint (text files only) | read |
Deploy SharePoint MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow