Delv
CommunityAbandoned· 7mo4.3by stass

EXIF MCP

Extracts EXIF, XMP, JFIF, and GPS metadata from images like JPEG, PNG, TIFF, and HEIC, operating entirely offline.

View repo
C
Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer45
Permissions85
Supply chain40
Transparency65
Incidents100

This community MCP server extracts image metadata (EXIF, XMP, GPS) from common formats, operating entirely offline which is a privacy positive. The maintainer 'stass' appears to be a solo developer with limited public profile, creating bus factor concerns. The repository exists and is open source with reasonable documentation, but the install method requires cloning and building from source rather than using a standard package registry. Permissions are well-scoped to read-only filesystem access for image files, which is appropriate for metadata extraction. No npm or PyPI distribution means less community vetting and no dependency pinning benefits. The offline-only operation is a security advantage as it prevents data exfiltration. No known security incidents, but the solo maintainer and non-standard distribution reduce confidence in long-term maintenance and supply chain integrity.

Lethal Trifecta (prompt-injection exposure)

ONE OF THREE
Private dataNo
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsNo
Can send data outbound

Reads metadata from local images; can include attacker-crafted EXIF strings. No outbound in pure read mode.

Green flags

  • Operates entirely offline, preventing metadata exfiltration
  • Read-only filesystem access, no write or execute permissions
  • Open source with clear documentation of capabilities
  • Well-scoped functionality limited to metadata extraction
  • No external network calls or API dependencies

Red flags

  • Solo maintainer 'stass' with limited public development history
  • No package registry distribution, requires manual clone and build
  • No dependency pinning or lock file verification in standard tooling
  • Limited community review due to non-standard installation method

Permissions requested

Read files
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npm install && npm run build

Review

EXIF MCP does one thing: it pulls metadata out of image files. EXIF, XMP, JFIF, GPS coordinates, the lot. It works offline, which matters if you're dealing with client photos or anything remotely sensitive. No cloud calls, no API keys, no surprises. I'd reach for this when I'm organising a photo library and need to sort by camera model, or when I'm checking GPS data before publishing images online. It's also useful for forensics-adjacent work, verifying when and where a photo was taken, or confirming whether metadata has been stripped. The offline nature means it's fast and doesn't leak anything. The tool supports JPEG, PNG, TIFF, and HEIC, which covers most real-world use cases. HEIC support is particularly welcome since iPhones default to it. The extraction is comprehensive: you get camera settings, timestamps, geolocation, lens data, and software tags if they exist. It doesn't try to interpret or prettify the output, it just hands you the raw metadata, which is what you want for scripting or further processing. Quirks: it's a build-it-yourself setup. You clone the repo, run npm install, build it, then wire it into your MCP host manually. There's no prebuilt package, so if you're not comfortable with Node tooling, you'll spend ten minutes figuring it out. The config snippet is listed as 'n/a', which means you're writing your own JSON block for Claude Desktop or Cursor. It's not for casual users who just want to view EXIF data once. For that, you'd use a GUI app or an online tool. This is for developers who need repeatable, scriptable access to image metadata inside an AI workflow. If you're building a photo management agent, a privacy checker, or anything that needs to inspect images at scale, this is a solid, no-nonsense tool. If you're just curious about one photo, it's overkill.
Verdict

Install this if you're building workflows that need reliable, offline image metadata extraction. It's a single-purpose tool that does its job without fuss. Skip it if you're not comfortable with manual builds or don't have a repeatable use case for EXIF data.

Good at

  • Runs entirely offline, so no privacy concerns with sensitive images.
  • Supports HEIC files, which many EXIF tools skip.
  • Returns raw, unfiltered metadata, making it easy to script or parse further.
  • No API keys or external dependencies beyond Node.
  • Fast extraction even on large batches of images.

Watch out

  • No prebuilt package, so you have to clone and build it yourself.
  • Config setup is manual, with no example snippet provided in the listing.
  • Returns empty fields for images without metadata, which can confuse first-time users.
  • Limited to image formats; won't handle video or audio metadata.

Use cases

  • photo library analysis
  • GPS metadata extraction
  • photography workflows
  • digital forensics

Getting started

1. Clone the repo from https://github.com/stass/exif-mcp, then run `npm install && npm run build` in the directory. 2. Add the server to your Claude Desktop or Cursor config file under the 'mcpServers' section, pointing the command to the built index.js file in the repo. 3. Restart your MCP host and confirm the EXIF server appears in the available tools list. 4. Test it by asking Claude to extract metadata from a JPEG or PNG file on your local machine. 5. Watch out: if your images lack EXIF data (common with screenshots or edited files), the tool will return empty fields, not an error.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs