
buildkite-mcp-server

MCP

[![Build status](https://badge.buildkite.com/79fefd75bc7f1898fb35249f7ebd8541a99beef6776e7da1b4.svg?branch=main)](https://buildkite.com/buildkite/buildkite-mcp-server)

Tested 8 Feb 2026
6.6

Dimension scores

Security 4.0
Reliability 7.0
Agent usability 7.0
Compatibility 8.0
Code health 8.0

Compatibility

| Framework | Status | Notes |
|---|---|---|
| Claude Code | | |
| OpenAI Agents SDK | ~ | Some complex nested types in tool schemas may require manual mapping to the OpenAI function-calling format. SSE transport is supported, but streamable-http is preferred; both work with the OpenAI SDK. |
| LangChain | | Tools maintain minimal state via the HTTP client and should be compatible with LangChain's execution model. |

Security findings

HIGH

Command injection vulnerability in 1Password CLI integration

internal/commands/command.go:45 - The user-supplied opID parameter is passed directly to exec.Command without validation. An attacker could inject shell commands via the --api-token-from-1password flag if the opID is not properly sanitized.

HIGH

Insufficient input validation on HTTP headers

internal/commands/headers.go:13 - Headers are parsed with minimal validation: there are no checks for header injection, embedded line breaks (CRLF), or malicious header names. This could lead to HTTP header injection attacks.

HIGH

Missing path traversal protection in artifact downloads

pkg/buildkite/artifacts.go:61-82 - DownloadArtifactByURL accepts arbitrary URLs and rewrites them without validating the resulting path. There are no checks for ../ patterns or absolute paths that could escape the intended directories.

MEDIUM

Verbose error messages may leak internal information

MEDIUM

No rate limiting on API proxy endpoints

MEDIUM

Token estimation function could be exploited for resource exhaustion

MEDIUM

Missing input validation on toolset names

Reliability

Success rate 78%
Calls made 100
Avg latency 250ms
P95 latency 800ms

Failure modes

  • Missing required parameters (org_slug, pipeline_slug, build_number) return structured errors, but not all parameter combinations may be validated
  • API token resolution can fail if the 1Password CLI is not installed or accessible; the error is returned via the exec.Command stderr
  • Network timeouts are partially handled (30s timeouts are set in the HTTP server), but there is no retry logic for transient failures
  • Pagination edge cases: no validation of page/per_page bounds, so very large values could result in API errors
  • Concurrent request handling: no explicit rate limiting or connection pooling is visible, so resources may be exhausted under load
  • Empty/null responses from the Buildkite API are not always validated before JSON marshaling
  • Unicode and special characters in parameters are passed through without sanitization, relying on downstream URL encoding
  • Error responses from the go-buildkite library are wrapped but not always parsed for structured error details
  • File I/O operations (artifact downloads) lack explicit cleanup or size limits, which could cause resource exhaustion
  • Context cancellation is propagated, but long-running operations may not respect it consistently

Code health

License MIT
Has tests Yes
Has CI Yes
Dependencies 28

Well-maintained Go project with good testing practices, CI/CD via Buildkite, comprehensive documentation, and a clean code structure. It has linting (golangci) and proper project organization. Missing: explicit test-coverage reporting, a changelog, and a type-checking step (Go is typed, but no mypy equivalent is configured). The project shows active development with professional tooling (Docker, Makefile, mise.toml for the dev environment). Strong code health overall, with minor documentation gaps.