MCP Security Index

Is MarkItDown safe to install?

Microsoft · Dev tools · stdio (local process)

Convert PDF, Office, and other documents into Markdown for LLMs.

Aminimal exposureSource
A
Grade
0/100
Blast radius
1
Tools
0
Capabilities

Capabilities

What MarkItDown declares it can do

A server's blast radius is the most powerful thing each of its tools can do. This grades the tools it declares, read-only, not whether it is secure.

  • Execute0
  • Delete0
  • Write0
  • Read1

MarkItDown declares no high-impact capabilities that AxioRank flags. A minimal grade means a small blast radius, not an endorsement.

Tools

Every tool MarkItDown exposes

1 tool

Control

Govern MarkItDown with AxioRank

1 tools

Installed as-is, all 1 of MarkItDown's tools are callable by your agent without restriction, including any that write, delete, or execute.

Flip the switch to see the policy AxioRank would apply.

Install

Add MarkItDown to your client

Drop this into your MCP client config (Claude Desktop, Cursor, and others).

mcp.json
{
  "mcpServers": {
    "markitdown": {
      "command": "uvx",
      "args": [
        "markitdown-mcp"
      ]
    }
  }
}

Embed

Show the grade in your README

Links back to this page and updates when the grade changes.AxioRank grade for MarkItDown
[![AxioRank MCP Security Index grade for MarkItDown](https://axiorank.com/api/badge/mcp/markitdown.svg)](https://axiorank.com/mcp-index/markitdown)

How it works

About this grade

The grade reflects the blast radius of what MarkItDown declares it can do, read-only, not whether it is secure or trustworthy, and not a judgment of the vendor. Maintain this server? Claim this listing or request a re-scan. See the methodology.

Email me this scorecard

Get the MarkItDown grade in your inbox.

Let your agents use MarkItDown safely

Route this server through AxioRank to allowlist its tools, hold risky calls for approval, and keep a signed audit trail of every action.

Start free