TOKREPO · Arsenal de IA

Nuevo · esta semana

Adaptadores MCP de Sistemas de Archivos

Diez adaptadores que conectan a un agente IA con cualquier sistema de archivos — disco local, AWS S3, Cloudflare R2, Google Drive, SFTP/FTP y gateways multi-cloud — cada uno con scoping, políticas de permisos y auditoría para que el agente deje de borrar el bucket equivocado.

10 recursos

Sobre este pack

What this pack covers

Most developers wire an agent to one filesystem — usually local disk through the official MCP server — and stop there. Then the next ticket arrives: "download last night's exports from S3", "sync this folder to R2", "pull the customer PDFs from the SFTP drop", "merge files across Google Drive and the team NAS". Each new backend turns into a one-off shell wrapper with its own credential format, no scope enforcement, and zero audit trail.

This pack is the cross-protocol set — ten adapters chosen so an agent can reach local fs, AWS S3, Cloudflare R2, Google Drive, SFTP/FTP, and 30+ multi-cloud backends through one consistent permission model. Where Filesystem Agent + Local Ops goes deep on local file janitor work (Downloads cleanup, dedupe, batch rename), this pack goes wide across protocols.

#	Adapter	Backend	Scope surface
1	Filesystem MCP (official)	Local disk	Scoped roots passed at boot
2	MCP Reference Servers	Local fs / git / memory / fetch	Anthropic's reference bundle
3	Desktop Commander MCP	Local terminal + files + PDF/DOCX	Allowlist directories
4	AWS MCP Servers (official)	S3, Lambda, CloudWatch	IAM role per server
5	Cloudflare Workers MCP	R2 buckets via Workers	Worker-level binding
6	Google Workspace MCP	Drive, Gmail, Calendar	OAuth scopes
7	rclone	70+ cloud providers	Per-remote config
8	SFTPGo	Self-hosted SFTP/FTP/WebDAV	Per-user virtual fs
9	Alist	Multi-cloud WebDAV gateway	Single mount, 30+ backends
10	AgentSeal	Security toolkit for MCP	ACL + audit policy layer

Three layers: local (1-3), cloud-native (4-7), gateway + policy (8-10).

Why a multi-protocol pack matters

The Model Context Protocol gave agents a clean interface for talking to filesystems, but the protocol doesn't dictate what's on the other end. Different teams end up with very different topologies:

Indie dev: local disk only. Filesystem MCP is enough.
Backend team: local + S3 + a CI artifact bucket on R2. Three adapters, three credential stores.
Enterprise: add SFTP for partner exchanges, Google Drive for finance, an on-prem NAS over SMB. Five-plus backends with different audit requirements.

The picks here are the ones that consistently get four things right: scoped roots (the agent literally cannot see outside the configured paths), read-only-by-default (writes are opt-in per server), structured audit logs (every call into the adapter lands in a grep-able file), and credential isolation (each adapter holds its own secrets, no shared blast radius).

Install order — local → cloud → transit → policy

Local first (#1-3). Start with Filesystem MCP pointed at one project directory. Add Desktop Commander when you need terminal + PDF/DOCX text extraction. Use MCP Reference Servers as a sanity check that your host (Claude Code / Cursor / Codex CLI) wires servers correctly.
Cloud buckets next (#4-6). Add the AWS MCP server for S3 once you've verified local works. Then Cloudflare Workers MCP if your edge cache and assets live on R2 — same protocol, different storage layer. Google Workspace MCP if Drive is part of the workflow.
Transit protocols third (#7-8). rclone (#7) isn't an MCP server itself, but it's the universal cross-cloud copy tool — wire it into Desktop Commander's shell surface and the agent gets 70+ backends through one CLI it already knows. SFTPGo (#8) is the self-hosted SFTP/FTP/WebDAV server you point partners at, with per-user virtual filesystems the agent can mount.
Policy layer last (#9-10). Alist (#9) gives the agent a single WebDAV mount that fans out to 30+ cloud backends — useful when you don't want N MCP servers per provider. AgentSeal (#10) is the audit and ACL toolkit you wrap around the whole stack so every adapter call lands in one log with one set of policies.

# Sketch of a wired-up agent host
# ~/.config/claude/mcp.json
{
  "mcpServers": {
    "fs-local":   { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "$HOME/projects"] },
    "fs-aws":     { "command": "uvx", "args": ["awslabs.s3-mcp-server"], "env": { "AWS_PROFILE": "readonly" } },
    "fs-r2":      { "command": "npx", "args": ["-y", "@cloudflare/mcp-server-workers"] },
    "fs-drive":   { "command": "uvx", "args": ["workspace-mcp"], "env": { "GOOGLE_OAUTH_SCOPE": "drive.readonly" } }
  }
}

Four adapters, four scopes, four credential stores. The agent calls fs-aws.list_objects or fs-drive.search_files and the protocol takes care of the rest.

Sandboxing and permission scopes

The single biggest win of this pack over giving the agent raw aws, rclone, sftp shell access is scope enforcement at the protocol boundary:

Filesystem MCP takes its allowed roots as positional arguments. Anything outside the list isn't visible to the agent — not blocked at write time, not visible at read time either. The agent can't cat ~/.ssh/id_rsa because the server doesn't expose ~.
AWS MCP servers run under an explicit IAM role. The right pattern is a read-only role for browse operations and a separate mcp-writer role with s3:PutObject only on one bucket prefix, swapped in for the rare write task.
Cloudflare Workers MCP uses Worker-level bindings — the Worker (not the agent) holds the R2 token, and the agent can only call operations the Worker exposes.
Google Workspace MCP uses OAuth scopes. drive.readonly is the default; drive.file is the minimum write scope (per-file consent), which is much narrower than the full drive scope most quickstarts paste in.
SFTPGo isolates each agent into its own virtual filesystem — the agent connects as user mcp-agent and sees only the mounted folders, not the rest of the disk.
AgentSeal sits across the whole stack and enforces per-tool ACLs plus structured audit. Useful when adapters have inconsistent native logging.

Audit and revoke

Every adapter in this pack writes to a log you can grep. The combined pattern is:

tail -f ~/.tokrepo/logs/fs-*.log | tee ~/.audit/$(date +%F).jsonl

One tail per session, one file per day. When something goes wrong — agent deleted the wrong object, or wrote to the wrong path — you have the call, the arguments, the result, and the timestamp. Pair with versioned buckets on the S3/R2 side (lifecycle rules → 30-day retention) and almost every mistake is recoverable.

Revoking is per-adapter: delete the IAM role, rotate the OAuth refresh token, disable the SFTPGo user, kill the Worker binding. No single credential gives access to multiple backends, which is the only structural protection that scales.

Common pitfalls

One credential, many backends. The biggest anti-pattern is reusing a personal AWS access key across all your MCP servers. Each adapter gets its own least-privilege role; mixing them defeats the whole point.
Forgetting OAuth refresh. Google Workspace MCP uses OAuth — the refresh token can expire if unused for six months. Schedule a monthly no-op call from a cron so the token stays warm.
rclone with full write access by default. rclone respects the remote's permissions, but a misconfigured remote (root key for an S3 account) lets the agent see every bucket. Always create a dedicated rclone remote per task with the narrowest scope.
SFTPGo audit log rotation. SFTPGo writes verbose logs; without rotation, a busy agent fills the disk in a week. Configure logrotate or the built-in retention.
Alist as a single point of compromise. Convenience comes at a cost — one Alist instance with credentials for 10 backends is one breach away from 10 problems. Keep Alist behind your VPN, not on the public internet.

INSTALAR · UN COMANDO

$ tokrepo install pack/mcp-filesystem-adapters

pásalo a tu agente — o pégalo en tu terminal

Qué incluye

10 recursos listos para instalar

MCP#01

Filesystem MCP — Local File Access for AI Agents

Official MCP server that gives AI agents safe, scoped access to your local filesystem. Read, write, search, and manage files and directories with configurable permissions. 4,000+ stars.

by MCP Hub·164 views

$ tokrepo install filesystem-mcp-local-file-access-ai-agents-92b8baf2

MCP#02

MCP Reference Servers — Official Collection

Official MCP reference server implementations by Anthropic: filesystem, git, memory, fetch, sequential thinking, and more. The starting point for MCP development.

by MCP Hub·128 views

$ tokrepo install mcp-reference-servers-official-collection-8a28360d

MCP#03

Desktop Commander MCP — Local Terminal + Files

Desktop Commander MCP gives agents controlled local terminal + filesystem tools (including PDF/DOCX/Excel). Install via npx and verify by listing tools.

by MCP Hub·63 views

$ tokrepo install desktop-commander-mcp-local-terminal-files

MCP#04

AWS MCP Servers — Official AWS Integration

Official MCP servers for AWS by Amazon. Connect AI agents to S3, Lambda, CloudWatch, Bedrock, CDK, and more AWS services. Secure IAM-based auth. 8.6K+ stars.

by MCP Hub·123 views

$ tokrepo install aws-mcp-servers-official-aws-integration-0fc43d04

MCP#05

Cloudflare Workers MCP — Edge Functions for AI Agents

MCP server that gives AI agents access to Cloudflare Workers for deploying edge functions, managing KV storage, R2 buckets, and D1 databases. Build and deploy serverless code from chat. 1,500+ stars.

by Cloudflare·132 views

$ tokrepo install cloudflare-workers-mcp-edge-functions-ai-agents-d0283053

MCP#06

Google Workspace MCP — Gmail/Calendar/Drive for Agents

Google Workspace MCP exposes Gmail, Calendar, and Drive actions as MCP tools so agents can summarize inboxes and manage schedules with minimal scopes.

by MCP Hub·75 views

$ tokrepo install google-workspace-mcp-gmail-calendar-drive-for-agents

Skill#07

rclone — rsync for Cloud Storage Across 70+ Providers

rclone is a command-line tool to sync, copy, and mount files between any two of 70+ cloud storage providers (S3, GCS, Azure, Dropbox, Google Drive, OneDrive, etc.). The universal file-moving tool every sysadmin should know.

by AI Open Source·83 views

$ tokrepo install rclone-rsync-cloud-storage-across-70-providers-06a04735

Skill#08

SFTPGo — Self-Hosted Secure File Transfer Server

SFTPGo is a full-featured SFTP, FTP/S, WebDAV, and HTTP/S file server written in Go, supporting virtual folders, multiple storage backends including S3 and GCS, and a web admin interface for user and quota management.

by Script Depot·119 views

$ tokrepo install sftpgo-self-hosted-secure-file-transfer-server-c41cdc5e

Skill#09

Alist — Self-Hosted Multi-Cloud File Listing Gateway

Alist is a self-hosted file listing program written in Go that provides a unified web interface for browsing and managing files across local storage and 30+ cloud providers including S3, Google Drive, OneDrive, and WebDAV.

by Script Depot·99 views

$ tokrepo install alist-self-hosted-multi-cloud-file-listing-gateway-40cecb19

Script#10

AgentSeal — Security Toolkit for Agents & MCP

AgentSeal is an FSL-1.1 (future Apache-2.0) toolkit that scans skills and MCP configs, monitors supply-chain risks, and tests prompt-injection resistance.

by Script Depot·32 views

$ tokrepo install agentseal-security-toolkit-for-agents-mcp

Preguntas frecuentes

Why not just give the agent raw `aws`, `rclone`, `sftp` CLI access through a shell tool?

Two reasons. First, scope: a shell call to aws s3 ls can touch any bucket the credentials allow — the MCP adapter exposes a defined tool surface scoped to one role or bucket. Second, audit: shell output is unstructured and easy to miss; the adapter writes structured JSON with the exact arguments. For one-off exploration the shell is fine; for any recurring or unattended op, the adapter wins.

Does this pack replace the [Filesystem Agent + Local Ops](/en/packs/filesystem-agent-local-ops) pack?

No, they pair. Local Ops goes deep on the personal-files workflow (Downloads cleanup, dedupe, batch rename) with Yazi, ripgrep, AGENTS.md, and Hooks. This pack goes wide across protocols (S3, R2, Drive, SFTP, multi-cloud). A typical workstation runs Filesystem MCP from both packs, then adds whichever cloud adapters here match the team's stack. No overlap in picks, but they assume each other's foundation.

Can a single agent call all ten adapters at once?

Technically yes — every MCP-aware host (Claude Code, Cursor, Codex CLI, Cline, gptme) supports N concurrent MCP servers. Practically, ten is too many in one session: the tool list bloats the prompt, the agent confuses similar tool names (fs-aws.list vs fs-r2.list), and credential management gets noisy. Wire two or three for any given workflow. The pack is a buffet, not a meal.

How do these handle large files — say a 5GB video on S3?

The MCP adapters expose metadata and small reads natively; for large objects the right pattern is to have the agent issue a presigned URL or a cp instruction that streams server-side, never through the agent's context. AWS MCP and Cloudflare Workers MCP both support presigned URL generation. rclone copies directly between backends without round-tripping. Never pull a 5GB file into the agent's context — that's a credit-card-shaped mistake.

What's the minimum viable setup if I just want S3 access from Claude Code?

Three things. One: install the AWS MCP servers (#4) and point at the S3-only sub-server. Two: create an IAM role with s3:GetObject and s3:ListBucket on one prefix — nothing else. Three: add the role's credentials to ~/.aws/credentials under a named profile and reference it from the MCP server config. Twenty minutes end-to-end. Once that's working, add write capability with a second role only when you have a specific write task. Read-only is the default state, not the starting state.

MÁS DEL ARSENAL

12 packs · 80+ recursos seleccionados

Explora todos los packs curados en la página principal

Volver a todos los packs