Model Context Protocol moderate risk

Ragdocs

RAG server providing documentation search and retrieval via vector embeddings, enabling context-aware AI responses using OpenAI and Qdrant.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
    "rag-docs": {
      "command": "npx",
      "args": [
        "-y",
        "@hannesrudolph/mcp-ragdocs"
      ],
      "env": {
        "OPENAI_API_KEY": "",
        "QDRANT_URL": "",
        "QDRANT_API_KEY": ""
      }
    }
  }
}

Exposed MCP Tools (7)

safe

search_documentation

Searches the stored documentation and returns relevant excerpts based on a text query.

Read-only operation, no data modification.

safe

list_sources

Lists all documentation sources currently stored in the system.

Read-only operation, no data modification.

moderate

extract_urls

Extracts URLs from a given webpage and optionally adds them to the processing queue.

Adds URLs to a queue for later processing, potential for unintended data ingestion.

high

remove_documentation

Removes specific documentation sources from the system by their URLs.

Deletes data, impacting future search results.

safe

list_queue

Lists all URLs currently waiting in the documentation processing queue.

Read-only operation, no data modification.

moderate

run_queue

Processes and indexes all URLs currently in the documentation queue.

Processes URLs, potentially ingesting and indexing data.

moderate

clear_queue

Removes all pending URLs from the documentation processing queue.

Removes URLs from the queue, preventing them from being processed.

Safety Assessment

This server provides both read and write capabilities related to documentation. While API keys are used for authentication, the ability to add and remove documentation sources, combined with the reliance on external services like OpenAI and Qdrant, introduces moderate risk. It is safe to use for information retrieval, but caution should be exercised when adding or removing documentation sources, and API keys should be securely managed.

Uses API keys for authentication
Limited write operations through queue management
No direct filesystem access
Clear separation of concerns (search vs. queue management)
Uses Qdrant, a dedicated vector database

Requires OpenAI API key, potential for misuse if compromised
Qdrant API key also required, risk of data exposure if compromised
Can add URLs to a processing queue, potentially leading to unintended data ingestion
Can remove documentation sources, impacting search results
No explicit RBAC or access controls beyond API keys

Client Compatibility

Claude Desktopfull

Cursoruntested

Windsurfuntested

VS Code (Copilot)untested

Security Notes

Compromised OpenAI API key could lead to unauthorized embedding generation and cost overruns.
Compromised Qdrant API key could lead to unauthorized data access or modification.
Malicious URLs added to the processing queue could lead to the ingestion of harmful content.
Unvalidated or poorly formatted documentation could cause processing errors or impact search quality.
Lack of rate limiting could lead to service exhaustion or unexpected costs.

Best For

Developers building documentation-aware applications
Organizations seeking to improve documentation search and retrieval
Teams looking to augment AI assistants with relevant documentation context
Projects requiring semantic search capabilities for documentation
Individuals seeking to create context-aware tooling