We checked this and rejected itprivacy

Nextcloud MCP: why it is not safe to use

Nextcloud MCP is safe self-hosted, but its optional hosted key service routes credentials through a third party and its tools can delete your data.

The Nextcloud MCP server connects an AI agent to your own Nextcloud for Notes, Calendar, Contacts, Tables, and WebDAV files. It earned a warn, not a block: the code is open TypeScript with no obfuscation, no hardcoded secrets, and no prompt-injection payloads.

What we found

  • In CLI or self-hosted mode, your data stays between you and your Nextcloud. The optional hosted MCP Key Service (mcpkeys.techmavie.digital) resolves your credentials server-side, which routes trust through a third party.
  • The server exposes full write and delete tools across Notes, Calendar, Contacts, Tables, and files, so an agent could permanently delete or overwrite personal data.
  • It needs your Nextcloud username plus a password or app-password. The README correctly recommends a dedicated App Password, and hosted mode does not fall back to environment credentials.

What to do instead

  • Prefer CLI or self-hosted mode so credentials never leave your machine.
  • If you use the hosted key service, understand that a third party handles your credentials.
  • Create a dedicated Nextcloud App Password scoped to what you need, and review agent actions before allowing deletes.
  • Keep backups of important Notes, Contacts, and files.
Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/hithereiamaliff/mcp-nextcloud

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.