Labsco
ProfessionalWiki logo

MediaWiki MCP Server

101

from ProfessionalWiki

Enables LLM clients to interact with any MediaWiki wiki using the Model Context Protocol.

🔥🔥🔥🔥✓ VerifiedFreeAdvanced setup

MediaWiki MCP Server

An MCP (Model Context Protocol) server that enables Large Language Model (LLM) clients to interact with any MediaWiki wiki.

Features

Tools

Every tool that operates on a wiki accepts an optional wiki argument naming the wiki to act on (the wiki-management and OAuth tools do not) — pass a wiki key (e.g. en.wikipedia.org) or the full mcp://wikis/{wikiKey} URI. Omit it to use the configured default wiki (see Configuration). Each tool response reports the wiki the call ran against.

Page reads

NameDescription
compare-pagesDiff two versions of a wiki page by revision, title, or supplied wikitext.
get-category-membersList members of a category (up to 500 per call, paginated via continueFrom).
get-fileFetch a file page.
get-file-dataFetch a file's image bytes inline (base64) for visual analysis — for clients that can't reach the wiki host. Returns a scaled rendition (set width); non-renderable types (audio, video, binaries) error. For metadata or a download URL, use get-file.
get-links-hereList pages that reference a wiki page — pages that link to it, embed it as a template, or display it as a file (select via type), including pages that reach it through a redirect. Up to 500 per call, paginated via continueFrom.
get-pageFetch a wiki page.
get-page-historyList recent revisions of a wiki page.
get-pagesFetch multiple wiki pages in one call (up to 50).
get-recent-changesList recent change events across the wiki, filterable by timestamp, namespace, user, tag, type, and hide flags (up to 50 per call, paginated via continue).
get-revisionFetch a specific revision of a page.
get-site-infoGet a wiki's key settings: MediaWiki version, content language, title-case rules, namespaces, installed extensions, license, and (optionally) statistics.
list-wikisList every configured wiki — its key, sitename, server, whether it is read-only or the default, whether it is reachable, which extension-gated tools work on it, and, for an OAuth-configured wiki, its authorization server. Disabled when fewer than two wikis are configured.
parse-wikitextRender wikitext to HTML without saving. Returns parse warnings, wikilinks, templates, and external URLs.
search-pageSearch wiki page titles and contents.
search-page-by-prefixSearch page titles by prefix.
whoamiReport the identity the current session is authenticated as on the targeted wiki — username, whether it is anonymous, and group memberships (optionally user rights).

Page writes

NameDescriptionPermissions
create-page 🔐Create a new wiki page.Create, edit, and move pages
delete-page 🔐Delete a wiki page.Delete pages, revisions, and log entries
move-page 🔐Move (rename) a wiki page.Create, edit, and move pages
undelete-page 🔐Undelete a wiki page.Delete pages, revisions, and log entries
update-file 🔐Upload a new revision of an existing file from local disk.Upload, replace, and move files
update-file-from-url 🔐Upload a new revision of an existing file from a URL.Upload, replace, and move files
update-page 🔐Update an existing wiki page.Edit existing pages
upload-file 🔐Upload a file to the wiki from local disk.Upload new files
upload-file-from-url 🔐Upload a file to the wiki from a URL.Upload, replace, and move files

Wiki management

NameDescription
add-wikiAdd a wiki as an MCP resource from its URL. Disabled when allowWikiManagement is false.
remove-wikiRemove a wiki resource. Disabled when allowWikiManagement is false or fewer than two wikis are configured.

OAuth

NameDescription
oauth-logoutRemove stored OAuth tokens. Stdio only.
oauth-statusList stored OAuth tokens with scopes and expiry (no token values). Stdio only.

Extension packs

Each pack's tools register only on wikis where its extension is installed.

NeoWiki

NameDescription
neowiki-list-schemasList schemas (entity types) and their property counts.
neowiki-get-schemaGet one schema's property definitions, relations, and select options.
neowiki-cypher-queryRun a read-only Cypher query against the knowledge graph.
neowiki-search-subjectsFind subject IDs by label within a schema.
neowiki-get-subjectFetch one subject's structured data by ID.
neowiki-get-page-subjectsList the subjects attached to a wiki page.
neowiki-create-subjectCreate a subject (child or main) on a page. Requires the edit right.
neowiki-update-subjectReplace a subject's label and statements. Requires the edit right.
neowiki-delete-subjectDelete a subject by ID. Requires the edit right.
neowiki-set-main-subjectSet or clear a page's main subject. Requires the edit right.
neowiki-validate-subjectDry-run validate a proposed subject and return violations.

Semantic MediaWiki

NameDescription
smw-list-propertiesList Semantic MediaWiki properties with copy-paste templates for smw-query.
smw-queryRun a Semantic MediaWiki #ask query.

Bucket

NameDescription
bucket-queryRun a Bucket Lua query.

Cargo

NameDescription
cargo-list-tablesList Cargo tables defined on the wiki.
cargo-describe-tableList a Cargo table's fields with their types and list-flags.
cargo-queryRun a Cargo SQL-style query.

Resources

mcp://wikis/{wikiKey} — per-wiki resource exposing sitename, server (the wiki's public address), articlepath, scriptpath, and a private flag.

  • Credentials (token, username, password) are never exposed in resource content.
  • After add-wiki or remove-wiki, the server sends notifications/resources/list_changed so clients refresh.
Example read result
{
  "contents": [
    {
      "uri": "mcp://wikis/en.wikipedia.org",
      "mimeType": "application/json",
      "text": "{ \"sitename\":\"Wikipedia\",\"server\":\"https://en.wikipedia.org\",\"articlepath\":\"/wiki\",\"scriptpath\":\"/w\",\"private\":false }"
    }
  ]
}

Environment variables

NameDescriptionDefault
CONFIGPath to your configuration fileconfig.json
MCP_ALLOW_STATIC_FALLBACKSet to true to allow HTTP startup when config.json has static credentials. See docs/deployment.md — security checklist.unset
MCP_CONTENT_MAX_BYTESByte cap for content bodies (wikitext, rendered HTML, diffs). Tune to the target LLM client's tool-response budget.50000
MCP_FILE_DATA_MAX_BYTESHard cap on the base64-encoded size of a get-file-data response. A transport/safety backstop; tune the actual size per call with the tool's width. Over-cap calls error rather than truncate.1000000
MCP_UPLOAD_MAX_BYTESMemory cap on the server-side fetch used by upload-file-from-url / update-file-from-url. Files larger than this are handed to the wiki's own copy-upload instead of being buffered by the server. Guards this server's memory, not the wiki's $wgMaxUploadSize.104857600
MCP_LOG_LEVELMinimum severity for logger output. One of debug, info, notice, warning, error, critical, alert, emergency, or silent.debug
MCP_OAUTH_CREDENTIALS_FILEOverride the default credentials store path. Default: ~/.config/mediawiki-mcp/credentials.json (Linux/macOS) or %APPDATA%\mediawiki-mcp\credentials.json (Windows).unset
MCP_OAUTH_NO_BROWSERSet to 1 to skip launching a browser during the OAuth flow; the auth URL is logged to stderr instead. Useful in headless environments.unset
MCP_PUBLIC_URLOverride the request-derived public URL used in OAuth protected-resource discovery. Useful for reverse-proxy setups that rewrite the Host header.unset
MCP_MAX_REQUEST_BODYMaximum HTTP request body size (StreamableHTTP transport). Accepts size strings like 512kb or 1mb. Oversize requests get a JSON-RPC 413.1mb
MCP_METRICSSet to true to expose Prometheus metrics at GET /metrics on the HTTP transport.unset
MCP_SESSION_IDLE_TIMEOUTSeconds an HTTP session may sit idle before it is closed and removed (StreamableHTTP transport). Any request resets the timer. 0 disables expiry.1800
MCP_SHUTDOWN_GRACE_MSMaximum ms to wait for in-flight /mcp calls to drain on SIGTERM / SIGINT. See docs/operations.md — Graceful shutdown.10000
MCP_TRANSPORTType of MCP server transport (stdio or http)stdio
MCP_TRUSTED_HOSTSComma-separated hosts exempt from the outbound SSRF guard's public-IP check — for deliberately pointing the server at an internal destination such as a Docker-network alias (mediawiki.svc). Distinct from the inbound MCP_ALLOWED_HOSTS; see Security.unset
PORTPort used for StreamableHTTP transport3000

Authentication

Tools marked 🔐 require authentication. Write tools (including extension-pack writes) are hidden from tools/list when the configured default wiki has readOnly: true — see Deployment.

The Cargo tools (cargo-query, cargo-list-tables, cargo-describe-table) call API actions gated by the runcargoqueries user right. Most wikis grant this to all users by default; wikis that restrict it require the Create, query and delete data through the Cargo extension grant on the bot password or OAuth consumer. The Cargo extension is also detected on wiki.gg-hosted wikis (Helldivers, Terraria, Ark, etc.), where it ships under the rebranded name LIBRARIAN.

Security

Defaults are safe for single-user use. Before exposing the HTTP transport to others, lock down three things:

  • Trust the proxy, not the header. The server forwards any Authorization: Bearer header straight to MediaWiki — authentication is the reverse proxy's job. Terminate TLS there, and don't expose the MCP port directly on an untrusted network. See docs/deployment.md — security checklist.
  • Pair MCP_BIND with MCP_ALLOWED_HOSTS and MCP_ALLOWED_ORIGINS. The HTTP transport binds to 127.0.0.1 by default. When you open it up with MCP_BIND=0.0.0.0, set MCP_ALLOWED_HOSTS to the hostnames your proxy forwards and MCP_ALLOWED_ORIGINS to the browser origins allowed to call the server — these block DNS-rebinding and cross-origin attacks respectively.
  • Uploads are opt-in. upload-file is disabled until you list allowed directories in uploadDirs or MCP_UPLOAD_DIRS. See docs/configuration.md — upload directories.
  • Internal destinations need MCP_TRUSTED_HOSTS. Outbound fetches — the anonymous siteinfo probe, wiki discovery, *-file-from-url — are SSRF-guarded: a destination resolving to a private or loopback address is refused. To deliberately run against an internal host — e.g. a Docker-network alias like mediawiki.svc that bypasses your public proxy — list it in MCP_TRUSTED_HOSTS to exempt it from the public-IP check. The host is still resolved and pinned, and the guard stays on for every other destination. This is the outbound counterpart to the inbound MCP_ALLOWED_HOSTS (Host-header) check — the two are unrelated despite the similar names.

Report a vulnerability via GitHub's security advisory form — full policy in SECURITY.md.