Updated warning about binding to non-local interfaces. (#1653)

afourney
2026-03-30 10:17:52 -07:00
committed by GitHub
parent a6c8ac46a6
commit 63cbbd9de6
3 changed files with 23 additions and 6 deletions
+8 -4
@@ -1,5 +1,9 @@
# MarkItDown-MCP
> [!IMPORTANT]
> The MarkItDown-MCP package is meant for **local use**, with local trusted agents. In particular, when running the MCP server with Streamable HTTP or SSE, it binds to `localhost` by default, and is not exposed to other machines on the network or Internet. In this configuration, it is meant to be a direct alternative to the STDIO transport, which may be more convenient in some cases. DO NOT bind the server to other interfaces unless you understand the [security implications](#security-considerations) of doing so.
[![PyPI](https://img.shields.io/pypi/v/markitdown-mcp.svg)](https://pypi.org/project/markitdown-mcp/)
![PyPI - Downloads](https://img.shields.io/pypi/dd/markitdown-mcp)
[![Built by AutoGen Team](https://img.shields.io/badge/Built%20by-AutoGen%20Team-blue)](https://github.com/microsoft/autogen)
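Review bot: The new `[!IMPORTANT]` callout tells readers not to bind to other interfaces but leaves the reason behind the `#security-considerations` link. The server has no authentication and runs with the invoking user's privileges, which is only stated in the Security Considerations section further down. Since this callout is the first thing a reader sees, consider adding a short clause such as "the server does not support authentication" so the warning stands on its own.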
@@ -18,14 +22,14 @@ pip install markitdown-mcp
## Usage
To run the MCP server, using STDIO (default) use the following command:
To run the MCP server, using STDIO (default), use the following command:
```bash
markitdown-mcp
```
To run the MCP server, using Streamable HTTP and SSE use the following command:
To run the MCP server, using Streamable HTTP and SSE, use the following command:
```bash
markitdown-mcp --http --host 127.0.0.1 --port 3001
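Review bot: The HTTP/SSE example, `markitdown-mcp --http --host 127.0.0.1 --port 3001`, is the place where a reader would edit the `--host` value, and this hunk only adjusts commas around it. The top-of-file callout and the Security Considerations section both warn against non-local binding, but neither sits next to the command. A one-line note directly under this code block pointing to Security Considerations would put the warning at the point of use. It would also help to say whether `--host` may be omitted, since the callout says the server binds to `localhost` by default while the example passes the address explicitly.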
@@ -96,7 +100,7 @@ If you want to mount a directory, adjust it accordingly:
## Debugging
To debug the MCP server you can use the `mcpinspector` tool.
To debug the MCP server you can use the `MCP Inspector` tool.
```bash
npx @modelcontextprotocol/inspector
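Review bot: In the Debugging sentence, `MCP Inspector` is still wrapped in backticks after the rename, which makes a product name read like a command or package identifier. The command actually run is `npx @modelcontextprotocol/inspector` on the following lines, so plain text (or a link) for the tool name would be clearer and would avoid readers searching for a binary called "MCP Inspector".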
@@ -127,7 +131,7 @@ Finally:
## Security Considerations
The server does not support authentication, and runs with the privileges of the user running it. For this reason, when running in SSE or Streamable HTTP mode, it is recommended to run the server bound to `localhost` (default).
The server does not support authentication, and runs with the privileges of the user running it. For this reason, when running in SSE or Streamable HTTP mode, the server binds by default to `localhost`. Even still, it is important to recognize that the server can be accessed by any process or users on the same local machine, and that the `convert_to_markdown` tool can be used to read any file that the server's user has access to, or any data from the network. If you require additional security, consider running the server in a sandboxed environment, such as a virtual machine or container, and ensure that the user permissions are properly configured to limit access to sensitive files and network segments. Above all, DO NOT bind the server to other interfaces (non-localhost) unless you understand the security implications of doing so.
## Trademarks
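Review bot: In the rewritten Security Considerations paragraph, "or any data from the network" is too vague for a security note. If it means that `convert_to_markdown` will fetch remote resources on the caller's behalf, say so explicitly, because that is what makes the later advice about limiting access to "network segments" meaningful. Two smaller points in the same paragraph: "any process or users" should be "any process or user", and the paragraph now mixes the threat description, the mitigations (VM or container, user permissions) and the final "DO NOT bind" instruction in one block, so splitting the mitigations into a short list would make them easier to act on.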