Back to Browse
Free
Server data from the Official MCP Registry
MCP server for Shiori bookmark management and tag workflows.
About
MCP server for Shiori bookmark management and tag workflows.
Security Report
5.2
Moderate5.2Moderate RiskShiori MCP is a well-structured, security-conscious bookmark manager client with proper authentication, secure credential handling, and appropriate input validation. The server correctly requires credentials via environment variables, implements session-based auth with automatic retry on expiration, and validates JSON inputs before processing. Minor code quality improvements around error handling breadth and logging could be made, but no security vulnerabilities were identified. Supply chain analysis found 4 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 8 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Base URL of the Shiori instance, e.g. https://shiori.example.com
Environment variable: SHIORI_BASE_URL
Existing Shiori session id; skips login if providedRequired
Environment variable: SHIORI_SESSION_ID
Shiori username; required unless SHIORI_SESSION_ID is set
Environment variable: SHIORI_USERNAME
Shiori password; required unless SHIORI_SESSION_ID is setRequired
Environment variable: SHIORI_PASSWORD
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-rusty4444-shiori-mcp": {
"env": {
"SHIORI_BASE_URL": "your-shiori-base-url-here",
"SHIORI_PASSWORD": "your-shiori-password-here",
"SHIORI_USERNAME": "your-shiori-username-here",
"SHIORI_SESSION_ID": "your-shiori-session-id-here"
},
"args": [
"shiori-mcp"
],
"command": "uvx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
Shiori MCP
A Model Context Protocol (MCP) server for Shiori, the self-hosted bookmark and read-it-later manager.
Capabilities
- Verify Shiori connectivity and authentication
- List bookmarks
- Search bookmarks by title, URL, excerpt, and tag
- Get one bookmark by id or exact URL from the bookmark list
- Add bookmarks with Shiori's required tag-object format
- Update bookmarks via either a full-bookmark payload or common field parameters
- Delete bookmarks by id list
- List tags and bookmark counts
- Rename tags
- List accounts visible to the authenticated session
Installation
pipx install git+https://github.com/rusty4444/shiori-mcp.git
Or from a checkout:
python -m venv .venv
source .venv/bin/activate
pip install -e .
Configuration
| Variable | Required | Description |
|---|---|---|
SHIORI_BASE_URL | Yes | Base URL of the Shiori instance, e.g. https://shiori.example.com |
SHIORI_SESSION_ID | Optional | Existing Shiori session id; skips login if provided |
SHIORI_USERNAME | Required unless session id is set | Shiori username |
SHIORI_PASSWORD | Required unless session id is set | Shiori password |
SHIORI_TIMEOUT | No | HTTP timeout in seconds, default 20 |
MCP client config
{
"mcpServers": {
"shiori": {
"command": "shiori-mcp",
"env": {
"SHIORI_BASE_URL": "https://shiori.example.com",
"SHIORI_USERNAME": "your-username",
"SHIORI_PASSWORD": "your-password"
}
}
}
}
Tools
| Tool | Purpose |
|---|---|
shiori_health_check | Verify API connectivity/authentication |
shiori_list_bookmarks | List bookmarks with client-side limit/offset |
shiori_search_bookmarks | Search bookmarks by text and/or tag |
shiori_get_bookmark | Get one bookmark by id from the bookmark list |
shiori_get_bookmark_by_url | Get one bookmark by exact URL |
shiori_add_bookmark | Add a bookmark with optional tags/archive/public flags |
shiori_update_bookmark | Update a bookmark using full Shiori bookmark JSON |
shiori_update_bookmark_fields | Update common fields without manually constructing full JSON |
shiori_delete_bookmark | Delete one bookmark id |
shiori_delete_bookmarks | Delete bookmark ids from a JSON array |
shiori_list_tags | List tags and bookmark counts |
shiori_rename_tag | Rename a tag |
shiori_list_accounts | List accounts visible to this session |
Development and validation
python -m venv .venv
source .venv/bin/activate
pip install -e '.[dev]'
ruff check .
pytest
python scripts/live_docs_test.py
live_docs_test.py validates Shiori public API documentation and repository pages without credentials. Authenticated read/write API behaviours are covered with mocked HTTP tests.
API note
This server targets Shiori's documented legacy API under /api/* because the new API v1 is still documented as in development and self-documented at /swagger/index.html on running instances.
Safety
The write-capable tools mutate a Shiori bookmark database. Keep credentials in environment variables or a secret manager, never in source control.
This project was developed with the assistance of AI tools.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Fetch
Freeby Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
80.0K
Stars
3
Installs
5.3
Security
No ratings yet
Local
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
464
Installs
8.0
Security
4.8
Local