Box - AI Tool Review & Alternatives | Flaex AI

VERIFIED

Box

Safety: 65/100

0.0(0)

This MCP server allows searching and reading files from Box, using JWT or developer tokens for authentication, with potential risks depending on the token type and permissions.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

This MCP server allows searching and reading files from Box, using JWT or developer tokens for authentication, with potential risks depending on the token type and permissions.

This MCP server is relatively safe for read-only operations. The biggest risk comes from misconfiguration of the JWT or using a developer token for extended periods. Ensure the JWT has the least privilege necessary and rotate tokens regularly.

Performance depends on the size and number of files being searched and read. Network latency can also be a factor.

Cost depends on Box API usage. Be mindful of API rate limits and storage costs.

JavaScript10 starsBSD-3-ClauseReleased 1/4/2025CI/CD

Connections & Capabilities

Connects To

GitHub

Capabilities

Read

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Claude Desktop Config

{
  "mcpServers": {
    "box": {
      "command": "npx",
      "args": ["box-mcp-server"],
      "env": {
        "BOX_JWT_BASE64": "YOUR_BASE64_ENCODED_JWT",
        "BOX_USER_ID": "123456"
      }
    }
  }
}

Tools (2)

safe

search_files

Searches for files within the Box account.

Read-only operation, no modification of data.

safe

read_file

Reads the content of a file from Box.

Read-only operation, no modification of data.

Security

Auth Method

Token

Known Risks

!Exposure of Box Developer Token in environment variables if not properly secured.
!Potential for unauthorized access if JWT configuration is compromised.
!Limited lifespan of developer tokens requires frequent regeneration.
!Over-permissioning of JWT leading to broader access than intended.

Safety Score

moderate risk

Positive

+Read-only access to files (search and read)
+Authentication required (JWT or Developer Token)
+No file deletion capabilities
+Limited scope (search and read only)

Risks

-Developer tokens have limited lifespan (60 minutes)
-JWT configuration requires careful management of private keys
-Potential for over-permissioning if JWT is not configured correctly
-Exposure of BOX_USER_ID in environment variables

Use Cases

Document Retrieval

-Finding specific documents by name or content
-Accessing research papers stored in Box
-Retrieving contracts or legal documents

Content Analysis

-Analyzing text from PDF documents
-Extracting data from Word documents
-Summarizing document content

Knowledge Management

-Building a knowledge base from Box files
-Indexing documents for search
-Integrating Box content with other knowledge management systems

Who Is This For?

Best For

Retrieving specific documents from Box
Analyzing content of Box files
Integrating Box content into other applications
Users needing read-only access to Box files

Not Ideal For

Modifying or deleting files in Box
Managing Box users or permissions
High-volume, real-time data processing

Autonomy & Execution

Default ModeRead-only

Sandboxed

The server operates in read-only mode, limiting the risk of unintended modifications.

StatelessYes

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Use JWT authentication with narrowly scoped permissions for production environments.

FAQ

What authentication methods are supported?

JWT and Developer Token authentication are supported.

How long does a developer token last?

A developer token lasts for 60 minutes.

What file types can be read?

PDF and Word files are supported.

Can I delete files using this server?

No, this server only supports reading files.

Is it safe to use a developer token in production?

No, developer tokens are intended for development purposes only. Use JWT for production.

How do I configure JWT authentication?

You need a Box enterprise account and a JWT configuration file. See the README for details.

What permissions are required for the JWT?

The JWT should have the minimum necessary permissions for searching and reading files.

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Box

Overview

Connections & Capabilities

Connects To

Capabilities

Client Compatibility

Quickstart

Claude Desktop Config

Tools (2)

Security

Safety Score

Positive

Risks

Use Cases

Document Retrieval

Content Analysis

Knowledge Management

Who Is This For?

Best For

Not Ideal For

Autonomy & Execution

FAQ

What authentication methods are supported?

How long does a developer token last?

What file types can be read?

Can I delete files using this server?

Is it safe to use a developer token in production?

How do I configure JWT authentication?

What permissions are required for the JWT?

Metrics

Related Tools