airtable-mcp-server
A Model Context Protocol (MCP) server that provides read and write access to Airtable databases. This server enables LLMs to inspect database schemas, then read and write records.
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | HTTP transport has no authentication (the code only prints a warning) - may need a reverse proxy setup |
| LangChain | ✓ | Minor: Stateful AirtableService instance may need careful lifecycle management in LangChain chains |
Security findings
API key exposed in source code and version control
src/e2e.test.ts line 9: 'const AIRTABLE_API_KEY = "patDAZ0YDQu7LqGSy.f4736bbdec6ea0cb8ba8b5dba80c53f8b80e46d78a046a1769e749596671e677"' - A valid Airtable Personal Access Token is hardcoded in the test file and committed to the repository. This is a live credential that grants access to Airtable databases.
Command injection vulnerability in Docker test
src/e2e.test.ts lines 72-73: User-controlled environment variables are passed directly to shell commands via execSync without sanitization. The testDir variable could be manipulated to execute arbitrary commands through command substitution or path traversal.
Unvalidated JSON parsing accepts arbitrary user data
src/tools/create-record.ts, create-table.ts, update-records.ts: The 'fields' parameter accepts 'z.record(z.string(), z.unknown())' which allows completely unvalidated arbitrary data to be passed through to Airtable API. No validation on field values, types, or structure.
Missing input validation on record and field IDs
Throughout src/tools/*.ts: Record IDs, table IDs, base IDs, and field IDs are accepted as raw strings with no validation for format, length, or character restrictions. This could allow injection attacks or cause unexpected behavior.
API key passed as command-line argument
src/main.ts line 19: 'const apiKey = process.argv.slice(2)[0]' - While deprecated, the code still accepts API keys via command-line arguments, which are visible in process listings (ps, top, etc.). This is a credential exposure risk.
Unauthenticated HTTP transport mode
src/main.ts lines 34-50: HTTP transport mode has no authentication mechanism. The warning message acknowledges this but the functionality is still available. Any network-accessible client can call the MCP server endpoints without credentials.
Verbose error messages expose implementation details
No rate limiting on API operations
Missing input length limits
Reliability
| Metric | Value |
|---|---|
| Success rate | 78% |
| Calls made | 100 |
| Avg latency | 850ms |
| P95 latency | 2500ms |
Failure modes
- Missing API key causes immediate initialization failure with clear error message
- Invalid API key format (wrong length, missing dots) triggers during first API call with enhanced guidance, but only after initialization succeeds
- Network timeouts on Airtable API calls have no explicit timeout handling - may hang indefinitely
- Malformed JSON responses from Airtable API will crash with unhandled parse errors in fetchFromAPI
- Concurrent requests to the same resource lack synchronization - potential race conditions
- Empty string parameters (baseId, tableId) pass validation but fail at API level with unclear errors
- Very long inputs (e.g., 10MB field values) have no size validation - will attempt to send and likely time out
- Unicode/special characters in search terms lack proper encoding validation
- Pagination loops in listRecords could run indefinitely if Airtable API returns a malformed offset
- Process signal handlers (SIGINT/SIGTERM) attempt cleanup but don't handle cleanup failures
Code health
| Attribute | Value |
|---|---|
| License | MIT |
| Has tests | Yes |
| Has CI | No |
| Dependencies | 23 |
High-quality TypeScript MCP server with excellent test coverage, comprehensive documentation, and production-ready code. Strong signals: extensive test files (airtableService.test.ts, mcpServer.test.ts, e2e.test.ts, enhanceAirtableError.test.ts) using vitest, full TypeScript support with tsconfig files, detailed README (10KB+), MIT license, published to npm (v1.10.0), Docker support, proper error handling with enhanced messages, and comprehensive tool implementations. Minor gaps: no visible CI/CD configuration (.github/workflows), no CHANGELOG file, and git metadata not accessible to verify maintenance activity. Dependencies are modern (@modelcontextprotocol/sdk, express, zod) with lockfile present. Code quality is excellent with eslint config, proper module structure, and extensive type definitions (types.ts 21KB). The e2e tests even cover Docker and MCP Bundle deployments, showing production-readiness.