Install command
Not provided
Add Model Context Protocol servers to Claude Code with the claude mcp add CLI and the /mcp slash command, covering transports, scopes, and OAuth for remote servers.
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
0
78
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as source-backed.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
No package verification flag provided.
Checksum metadata
No checksum provided for downloaded artifact.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Not provided
Config snippet
Not provided
Copy snippet
Provided
Prerequisites
None
Platforms
1 listed
Difficulty
100/100
Adoption plan
Current risk score 16/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
No package verification/checksum metadata.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (5/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is missing.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
5/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is missing.
rollout
Install payload is available.
No required blockers for this timeline preset.
Safety & privacy surface
3 safety and 2 privacy notes across 2 risk areas. Review closely: credentials & tokens.
claude mcp add --transport http <name> <url>Claude Code connects to external tools, databases, and APIs through the Model Context Protocol (MCP), an open standard for AI-tool integrations. You configure servers two ways: the claude mcp CLI family (run in your terminal) for adding and managing servers, and the in-session /mcp slash command for viewing connected servers and completing OAuth authentication.
Note:
/mcpis a built-in slash command (it lists servers, shows tool counts, and runs the OAuth login flow). Theclaude mcp ...commands are run in your terminal, not inside a Claude Code prompt.
claude mcp addThe claude mcp add command supports three transports via --transport: http, sse, and stdio.
Remote HTTP server:
claude mcp add --transport http <name> <url>
# Example
claude mcp add --transport http notion https://mcp.notion.com/mcp
Remote HTTP server with a custom header (for static-token auth):
claude mcp add --transport http secure-api https://api.example.com/mcp \
--header "Authorization: Bearer your-token"
Remote SSE server:
claude mcp add --transport sse asana https://mcp.asana.com/sse
Local stdio server. For stdio servers, everything after -- is the command Claude runs to launch the server:
claude mcp add [options] <name> -- <command> [args...]
# Example with an environment variable
claude mcp add --env AIRTABLE_API_KEY=YOUR_KEY --transport stdio airtable \
-- npx -y airtable-mcp-server
The -- (double dash) separates Claude's own options (--transport, --env, --scope) from the command and args passed to the server untouched. --env accepts multiple KEY=value pairs; place at least one other option between --env and the server name so the CLI does not read the name as another env pair.
claude mcp add-json takes a full server definition, which is useful for copying a config straight from a server's docs:
claude mcp add-json weather-api \
'{"type":"http","url":"https://api.weather.com/mcp","headers":{"Authorization":"Bearer token"}}'
claude mcp add-json local-weather \
'{"type":"stdio","command":"/path/to/weather-cli","args":["--api-key","abc123"],"env":{"CACHE_DIR":"/tmp"}}'
--scopeThe --scope flag controls where the configuration is stored and who can see it. Valid values are local, project, and user:
| Scope | Loads in | Shared with team | Stored in |
|---|---|---|---|
local (default) |
Current project only | No | ~/.claude.json |
project |
Current project only | Yes, via version control | .mcp.json in project root |
user |
All your projects | No | ~/.claude.json |
# Local (default) — private to you in this project
claude mcp add --transport http stripe https://mcp.stripe.com
# Project — shared with the team via .mcp.json
claude mcp add --transport http paypal --scope project https://mcp.paypal.com/mcp
# User — available across all your projects
claude mcp add --transport http hubspot --scope user https://mcp.hubspot.com/anthropic
When the same server name is defined at multiple scopes, precedence is local, then project, then user (the highest-precedence entry wins; fields are not merged).
.mcp.json project fileAdding a server with --scope project creates or updates .mcp.json at the project root. Commit it so teammates inherit the same servers. The format is:
{
"mcpServers": {
"paypal": {
"type": "http",
"url": "https://mcp.paypal.com/mcp"
},
"shared-stdio-server": {
"command": "/path/to/server",
"args": [],
"env": {}
}
}
}
For security, Claude Code prompts for approval before using project-scoped servers from .mcp.json. Pending servers show up as ⏸ Pending approval in claude mcp list; review and approve them by running claude interactively. To reset approvals, run claude mcp reset-project-choices.
.mcp.json supports ${VAR} and ${VAR:-default} expansion in command, args, env, url, and headers. This lets a committed config reference machine-specific paths and secrets without hardcoding them:
{
"mcpServers": {
"api-server": {
"type": "http",
"url": "${API_BASE_URL:-https://api.example.com}/mcp",
"headers": {
"Authorization": "Bearer ${API_KEY}"
}
}
}
}
If a referenced variable is unset and has no default, Claude Code fails to parse the config. Keep secrets out of version control by referencing environment variables rather than pasting tokens into .mcp.json.
# List configured servers
claude mcp list
# Show details for one server
claude mcp get github
# Remove a server
claude mcp remove github
/mcpRun /mcp inside a Claude Code session to see connected servers, the tool count next to each one, and to authenticate. Claude Code flags a remote server as needing authentication when it responds with 401 Unauthorized or 403 Forbidden; you then complete the OAuth 2.0 browser login from the /mcp menu.
# 1. Add the server
claude mcp add --transport http sentry https://mcp.sentry.dev/mcp
# 2. In a Claude Code session, open the MCP panel and follow the OAuth flow
/mcp
# 3. Use the server
What are the most common errors in the last 24 hours?
Use the /mcp menu's "Clear authentication" option to revoke stored OAuth access. You can verify OAuth credentials are configured for a server with claude mcp get <name>.
claude mcp add --transport http|sse <url> for remote/hosted servers (these support OAuth).claude mcp add --transport stdio <name> -- <command> for local servers you launch as a subprocess.--scope project and commit .mcp.json when the whole team should get the same servers; use the default local scope (or --scope user) for personal setups./mcp to authenticate remote servers and to check that a server is connected and exposing tools.For a step-by-step first-server walkthrough, see the official MCP documentation linked from this page.
Configure MCP Servers in Claude Code side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Source provenance, Submitter).
| Field | Add Model Context Protocol servers to Claude Code with the claude mcp add CLI and the /mcp slash command, covering transports, scopes, and OAuth for remote servers. Open dossier | A source-backed Model Context Protocol starter collection for SaaS builders: connect product code, database state, payments, deployment telemetry, issue tracking, and production errors while keeping MCP authorization and tool boundaries explicit. Open dossier | Expert MCP remote server trust review capability pack for auditing OAuth flows, transport security, tool permissions, data exfiltration risk, and vendor scope before connecting Claude Code to third-party MCP servers. Open dossier | Master MCP server development from scratch. Create custom Claude Desktop integrations with TypeScript/Python in 60 minutes using production-ready patterns. Open dossier |
|---|---|---|---|---|
| Next steps | ||||
| Trust | ||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenanceDiffers | Source-backed | Source-backed | Submission linkedSource submission | Source-backed |
| SubmitterDiffers | — | MkDev11 | kiannidev | — |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | — | — |
| Category | commands | collections | skills | guides |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | JSONbored | MkDev11 | kiannidev | JSONbored |
| Added | 2025-10-25 | 2026-06-04 | 2026-06-14 | 2025-10-27 |
| Platforms | Claude Code | Claude Code | Claude CodeCodexWindsurfGeminiCursorCLI | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | ✓MCP servers can execute commands and call external APIs on your behalf. stdio servers run a local subprocess (the command after `--`); only add servers from sources you trust. Project-scoped servers from `.mcp.json` require explicit in-session approval before Claude Code will use them; review what each server does before approving. Remote servers may request OAuth scopes during the `/mcp` login flow — grant only the access you intend. Use the `/mcp` menu's Clear authentication to revoke access. | ✓This collection is an index; it runs nothing itself, but several linked MCP servers can read or write production SaaS data. Install read-only or sandbox-scoped credentials first, then expand permissions only after testing approval boundaries. Review each linked entry's own safety notes before enabling write, billing, deployment, or issue-tracker actions. | ✓Remote MCP servers run outside Anthropic control; Claude Code MCP integration does not guarantee vendor security or data isolation. OAuth tokens issued to an MCP server may grant persistent access to third-party accounts until revoked in the vendor admin console. Tools that read, write, delete, or execute on external systems can cause irreversible production changes when invoked by the model. SSE and streamable HTTP transports must use TLS; do not approve cleartext remote endpoints on untrusted networks. This skill recommends scoping and approval steps; it must not add MCP servers or approve OAuth consent without explicit user authorization. | ✓Building and connecting an MCP server runs a local process (or connects to a remote one) that executes tools with your user privileges; only connect servers you trust and review the command and URL first. |
| Privacy notes | ✓Local- and user-scoped server configs are written to `~/.claude.json`; project-scoped configs go to `.mcp.json` in the repo. Do not hardcode tokens in `.mcp.json` — reference them via `${VAR}` environment-variable expansion so secrets stay out of version control. OAuth credentials for remote servers are stored by Claude Code after the `/mcp` login flow; connected MCP servers can read and act on the systems they integrate with (issue trackers, databases, monitoring), so they may receive project data you ask Claude to work with. | ✓The collection stores no data itself; connected MCP servers may expose repository, customer, billing, deployment, and incident metadata. Private SaaS records follow the credentials configured for each MCP server. Avoid sharing transcripts that include MCP tool results from customer, billing, or production systems. | ✓MCP tool results can contain customer names, ticket contents, database rows, repository secrets, and internal URLs that should not be pasted into public issues. OAuth consent screens and server logs may expose account emails, organization identifiers, and access tokens if shared without redaction. Remote server vendors may retain prompts, tool arguments, and responses under their own privacy policies outside Anthropic data handling. Public trust-review summaries should describe risk categories and mitigations, not full tool schemas or live OAuth tokens. | ✓Connecting servers can pass secrets via --env and OAuth tokens stored in Claude Code's local config; the server process can access whatever data and credentials you grant it. |
| Prerequisites | — none listed |
|
| — none listed |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Source-backed guides for putting this to work.
Design MCP servers with auth boundaries and narrow tools.
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.