mcp-server-qdrant

MCP

MCP server for retrieving context from a Qdrant vector database

v0.8.1 Apache-2.0 Tested 8 Feb 2026
7.1

Dimension scores

Security 6.0
Reliability 7.0
Agent usability 7.0
Compatibility 8.0
Code health 8.0

Compatibility

Framework | Status | Notes
Claude Code | |
OpenAI Agents SDK | ~ | Optional metadata parameter with None default may confuse some OpenAI SDK versions; complex nested metadata dict structure needs careful serialization; filter parameters dynamically generated from settings may not translate cleanly to OpenAI function schema
LangChain | | Dynamic filter parameter injection via wrap_filters may require custom adapter for LangChain StructuredTool

Security findings

HIGH

Arbitrary filter injection vulnerability

In mcp_server.py, the 'find' function accepts an 'arbitrary_filter' parameter of type dict[str, Any] that is directly passed to Qdrant without validation when allow_arbitrary_filter is enabled. This allows clients to construct arbitrary Qdrant filter queries, potentially bypassing intended access controls or querying unintended data.

HIGH

No authentication or authorization on MCP tools

The server exposes 'store' and 'find' tools with no authentication mechanism. Any client connecting to the MCP server can read from or write to the Qdrant database. There's a read_only flag in settings, but no user-level access control.

MEDIUM

Weak input validation on collection names

MEDIUM

Metadata injection vulnerability

MEDIUM

Missing input length limits

Reliability

Success rate

82%

Calls made

100

Avg latency

450ms

P95 latency

1200ms

Failure modes

  • Unhandled exceptions from AsyncQdrantClient operations - no try/except blocks in qdrant.py store/search methods
  • Embedding provider failures (network/model loading) propagate uncaught to caller
  • No timeout handling on embedding operations which can hang indefinitely
  • Missing validation for empty/null query strings before embedding
  • Filter construction errors raise ValueError without structured error response
  • No handling of Qdrant connection failures or retries
  • FastEmbed synchronous operations in executor can deadlock under load
  • Missing validation for collection_name parameter (could be empty string)
  • No rate limiting or backpressure handling for concurrent requests
  • Memory exhaustion possible with large document batches (no chunking)
  • Unicode/special characters in metadata not validated before storage
  • No error handling for vector dimension mismatches between model and collection

Code health

License

Apache-2.0

Has tests

Yes

Has CI

Yes

Dependencies

12

Well-maintained MCP server with good code quality signals. Has comprehensive test coverage (3 test files with integration tests), proper type hints throughout (Pydantic models, type annotations), CI configuration via pre-commit hooks, and clear documentation. Published to PyPI with proper versioning (0.8.1). Dependencies are pinned via uv.lock. Missing: CHANGELOG/release notes, explicit CI workflow files (only pre-commit config), and test coverage reporting. No visible security vulnerabilities. Code is well-structured with proper separation of concerns (embeddings/, common/, tests/). The test suite includes integration tests for FastEmbed and Qdrant, plus settings validation. Minor gaps: no GitHub Actions workflow visible, no coverage badge/reporting, no contribution guidelines.