boxadm-mcp
Provides tools for monitoring external file sharing and access events from a Box enterprise admin perspective, including enterprise events, external collaborators, public shared links, and DLP tracing.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@boxadm-mcpwho are the top external sharers today?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
boxadm-mcp
English | 日本語
MCP (Model Context Protocol) server that surfaces external file flow from
a Box admin's point of view. It reads Box's enterprise event log
(admin_logs) to highlight "who shares a lot with the outside" and "which
files get accessed from outside" — an early-warning signal for leakage, not a
general-purpose file browser.
Read-only: it never revokes shares, deletes files, or otherwise mutates anything — it only surfaces risk. This is a different tool from a general-purpose Box file MCP (the official Box MCP, or the claude.ai Box connector): those operate on a user's own files and cannot see enterprise events, which is exactly what this server is for.
Named after the admin-console viewpoint (boxadm = Box admin), sibling of
gwsadm-mcp.
Features
Tool | Category | Description |
| — | version + auth_mode + Box auth + |
| Diagnostic | Raw recent enterprise events (for checking event types/fields). Supports manual pagination via |
| Access (events, enterprise-wide) | Aggregates external DOWNLOAD/PREVIEW within a window: top external accessors, top externally-accessed files, share-link count. Pass |
| Exposure (enumeration) | Lists external collaborators (outside-org login or external invite email) |
| Exposure (enumeration) | Lists items shared with an |
| Exposure (enumeration) | Ranks internal owners by external exposure (external collabs + public links) |
| Combined | Morning summary combining access (events) and exposure (enumeration) |
Related MCP server: aegis
Auth model
Two modes, selected via BOX_AUTH_MODE:
oauth— OAuth 2.0 (user auth). An admin authorizes once in a browser; the refresh token keeps it running unattended after that.ccg— Client Credentials Grant (server-to-server). Simpler to run unattended if your Box tenant has an available server-authentication app slot.
admin_logs (enterprise events) is readable in either mode, provided the
authorizing/impersonated user is an admin and the app has the Manage
enterprise properties scope.
OAuth setup (one-time, by a Box admin)
Developer Console → Create Platform App → Custom App → User Authentication (OAuth 2.0)
Redirect URI:
http://localhost:8787/callbackApplication Scopes: check Manage enterprise properties (required for
admin_logs). Add Read all files and folders too if you also want collaboration/share-link enumeration (requires re-consent)Enable the app in the Admin Console (unpublished apps are disabled by default under most tenant policies)
Note the Client ID / Client Secret
First login: set
BOX_AUTH_MODE=oauthetc., then runboxadm-mcp auth→ authorize in the browser → a token cache is written to~/.config/boxadm-mcp/token.json(chmod 600)
Setup
# uv
uv pip install boxadm-mcp
# pip
pip install boxadm-mcpOr from source:
git clone https://github.com/shigechika/boxadm-mcp.git
cd boxadm-mcp
# uv
uv sync
# pip
pip install -e .Configuration
Variable | Required | Description |
|
| |
| ✓ | App Client ID |
| ✓ | App Client Secret |
| ccg mode | Enterprise ID (CCG subject; not needed for oauth) |
| oauth redirect. Default | |
| oauth token cache path. Default | |
| Default | |
| ✓ | Internal email domains (comma-separated). No default — every address counts as external until you set this |
Keep secrets out of .mcp.json (e.g. in a local env file sourced before
launch); .mcp.json itself can reference ${BOX_CLIENT_ID}-style variables
and be safely committed.
Scope and limits
Access tools (
external_access_events, and the access half ofdaily_brief) read the enterprise-wide events stream. Hittingmax_eventssetscapped: true(oldest-first scan).Exposure (enumeration) tools only see folders visible to the co-admin account (not a guaranteed 100% of the enterprise), plus
max_folders/max_depthlimits (surfaced viacapped). Requires the Read all files and folders scope.Enumeration tools share a short-TTL scan memo across calls;
public_shared_linksskips collaboration calls entirely (optimization).
DLP tracing (reverse-lookup by accessor)
To answer "what did this external account download": pass
created_by_logins (comma-separated logins) to external_access_events. It
keeps only that accessor's events and returns per-file detail
(matched_events: item id/name, owner, size in bytes+GB, timestamp,
event_type, whether it was via a share link).
external_access_events(since_hours=26, created_by_logins="someone@example.com")Since the accessor could appear anywhere in the window, a filtered call auto-extends the scan cap to up to 50,000 events (oldest-first) — but only matching events are kept, so memory stays bounded.
In this mode the response carries
events_matched(match count) instead ofevents_scanned(no running total is kept; usecappedto judge coverage).capped: truemeans the window wasn't fully scanned — raisemax_events.Box's
admin_logsAPI has nocreated_byquery parameter, so this is a client-side filter (fetch_admin_events(created_by_logins=...)).
Usage
Claude Code
Add to .mcp.json:
{
"mcpServers": {
"boxadm-mcp": {
"type": "stdio",
"command": "boxadm-mcp",
"env": {
"BOX_AUTH_MODE": "oauth",
"BOX_CLIENT_ID": "${BOX_CLIENT_ID}",
"BOX_CLIENT_SECRET": "${BOX_CLIENT_SECRET}",
"BOX_ALLOWED_DOMAINS": "example.com"
}
}
}
}CLI Options
boxadm-mcp auth # OAuth first-time login (opens a browser)
boxadm-mcp --version # Print version and exit
boxadm-mcp # Start MCP server (STDIO, default)Development
git clone https://github.com/shigechika/boxadm-mcp.git
cd boxadm-mcp
# uv
uv sync --dev
uv run pytest -v
uv run ruff check .
# pip
python3 -m venv .venv
.venv/bin/pip install -e . && .venv/bin/pip install pytest respx ruff
.venv/bin/pytest -v
.venv/bin/ruff check .Tests never touch Box — respx mocks the CCG/OAuth token endpoint and the
admin_logs/enumeration APIs.
Releasing
Releases are automated with release-please.
Merging Conventional Commits (feat:, fix:, …)
to main keeps a release PR open with the next version and changelog. Merging
that PR tags vX.Y.Z and publishes a GitHub Release, whose release: published
event triggers the release workflow to build and publish to PyPI and the MCP
Registry. release-please owns the version in boxadm_mcp/__init__.py and
server.json (do not bump them by hand).
The release-please workflow should be given a repository secretRELEASE_PLEASE_TOKEN (a PAT with contents: write + pull-requests: write).
The default GITHUB_TOKEN cannot create the Release that triggers the
downstream release workflow (GitHub blocks workflow runs triggered by
GITHUB_TOKEN), so without the PAT nothing gets published. The workflow falls
back to GITHUB_TOKEN when the secret is unset so PR CI keeps working on forks.
Governance
Because this surfaces what users share, run it as authorized information-security monitoring with a clear purpose, a defined set of viewers, and a retention policy. Most external sharing is legitimate (collaborators, vendors), so treat findings as a risk ranking, not an alert queue — build an allowlist of known-OK sharers over time.
License
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/shigechika/boxadm-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server