mcp-use
Fullstack MCP framework for building MCP servers, MCP Apps, MCP agents, and MCP clients with TypeScript and Python SDKs, scaffolding, inspector tooling, hosted deployment, observability, OAuth, notifications, sampling, and agent integrations.
Open the source and read safety notes before installing.
Safety notes
- mcp-use can expose MCP tools, MCP Apps, widgets, resources, prompts, agent clients, and hosted endpoints; review tool side effects and public reachability before deployment.
- The inspector is useful for testing but can expose tool schemas, server metadata, resources, logs, or local endpoints; do not leave sensitive inspectors reachable without access control.
- Hosted deployment through Manufact MCP Cloud adds production observability, metrics, logs, branch deployments, and cloud runtime concerns that need normal secret, domain, auth, and retention review.
- MCP Apps can render interactive widgets in Claude, ChatGPT, and other clients; validate widget inputs, output schemas, embedded resources, and client compatibility before sharing.
- OAuth, notifications, sampling, code-mode behavior, and agent integrations can change what a model or user can trigger; apply least privilege and approval gates for write actions.
Privacy notes
- Tool calls, widget props, MCP resources, prompts, request metadata, OAuth tokens, logs, metrics, traces, branch deployment events, inspector sessions, and agent transcripts can contain sensitive data.
- Review data paths across the MCP client, model provider, mcp-use SDK, inspector, deployment target, external APIs, and hosted Manufact services before processing private or regulated data.
- Do not include API keys, customer documents, internal URLs, OAuth secrets, private resource URIs, or production logs in examples, public repos, inspectors, widgets, traces, screenshots, or templates.
- If an MCP server wraps third-party APIs, confirm the downstream API provider's logging, retention, deletion, and authorization behavior before exposing the tool to agents.
Prerequisites
- Node.js and npm or pnpm for the TypeScript SDK, CLI, inspector, and create-mcp-use-app scaffolder.
- Python and pip, uv, or another package manager for the Python SDK.
- Working knowledge of MCP tools, resources, prompts, transports, schemas, and the target MCP client behavior.
- A deployment plan for local, hosted Manufact MCP Cloud, or another production runtime before exposing servers publicly.
- OAuth clients, secrets, domains, CORS policy, network policy, logging policy, and model-provider credentials where the MCP server or app needs them.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 20 minutes
- Difficulty
- intermediate
- Website
- https://mcp-use.com
- Pricing
- freemium
- Disclosure
- editorial
- Application category
- DeveloperApplication
- Operating system
- macOS, Windows, Linux
Full copyable content
npx create-mcp-use-app@latest
npm install mcp-use
pip install mcp-useAbout this resource
Overview
mcp-use is a fullstack MCP framework for building MCP servers, MCP Apps, MCP agents, and MCP clients. It ships TypeScript and Python SDKs, a project scaffolder, local and online inspector tooling, MCP App widget support, hosted deployment through Manufact MCP Cloud, and package-level support for agent and client workflows.
Use it when the goal is to build an MCP product surface, not only install one existing MCP server. It is especially relevant for searches around mcp-use, MCP Apps, ChatGPT MCP Apps, Claude MCP Apps, MCP server framework, MCP inspector, MCP client SDK, and MCP agent framework.
Install
The TypeScript quickstart starts with the scaffold command:
npx create-mcp-use-app@latest
The core SDK packages can also be installed directly:
npm install mcp-use
pip install mcp-use
The README also documents @mcp-use/cli, @mcp-use/inspector, and
create-mcp-use-app as related TypeScript packages.
Core Capabilities
| Area | mcp-use Coverage |
|---|---|
| MCP Servers | TypeScript and Python SDKs for defining MCP tools and serving them over MCP transports |
| MCP Apps | Widget-backed tools that can render interactive app surfaces in MCP clients |
| Inspector | Local, online, and standalone inspector paths for testing and debugging MCP servers and apps |
| Scaffolding | create-mcp-use-app templates for MCP servers and MCP Apps |
| Deployment | Manufact MCP Cloud and CLI deployment flow with production observability, metrics, logs, and branch deployments |
| Agents | MCP agent and client implementations for calling MCP servers from model-backed workflows |
| Client SDK | Direct MCP client sessions for calling tools without an LLM |
| Runtime Features | OAuth, notifications, sampling, code mode, observability, and app/client compatibility hooks |
| Languages | TypeScript package on npm and Python package on PyPI |
MCP and Agent Fit
mcp-use sits directly in the MCP build layer. It is useful for teams that want to build tools for Claude, ChatGPT, Cursor, Codex, or other MCP clients, test them in an inspector, and then deploy them with a production runtime path.
It also has an agent angle: the repository documents MCP agents and clients in both Python and TypeScript, including examples that connect configured MCP servers to model-backed agent workflows.
Use Cases
- Scaffold a new MCP server or MCP App quickly.
- Build a widget-backed MCP App for Claude, ChatGPT, or another MCP client.
- Test local or hosted MCP servers with the mcp-use inspector.
- Deploy an MCP server with branch deployments, logs, metrics, and observability through Manufact MCP Cloud.
- Wrap third-party APIs as MCP tools with TypeScript or Python.
- Build an MCP client or MCP agent that calls configured MCP servers.
- Standardize MCP server development across TypeScript and Python teams.
Source Review
Verified on 2026-06-18:
- The upstream README describes mcp-use as a fullstack MCP framework for building MCP Apps for ChatGPT and Claude, plus MCP servers for AI agents.
- The README documents TypeScript and Python SDKs,
create-mcp-use-app, the mcp-use inspector, hosted deployment on Manufact MCP Cloud, and MCP agent and client examples. - The repository metadata describes the project as a fullstack MCP framework for MCP Apps and MCP servers, with topics for MCP, apps SDK, inspector, server, client, agentic framework, Claude Code, OpenClaw, skills, and Claude connectors.
- The npm registry lists
mcp-useas version1.32.1, MIT licensed, with a CLI binary and keywords for MCP, ChatGPT Apps, OAuth, notifications, sampling, SDK, inspector, and TypeScript. - PyPI lists
mcp-useas version1.7.0, MIT licensed, and summarized as a full stack MCP framework for Python to build MCP agents, clients, and servers. - The current docs resolve for home, TypeScript quickstart, Python quickstart, TypeScript server, and inspector pages.
Duplicate Check
Checked current content/tools/, content/mcp/, content/agents/,
content/skills/, guides, README output, and open pull requests for mcp-use,
mcp-use/mcp-use, create-mcp-use-app, mcp-use inspector, MCP Apps,
mcp-use TypeScript, mcp-use Python, and Manufact MCP Cloud. Existing
entries cover two specific Agent Skills from the same repository:
mcp-use-mcp-apps-builder-skill and mcp-use-openapi-to-mcp-skill. Those are
skill artifacts under skills/...; this entry covers the core fullstack
mcp-use framework, SDKs, inspector, scaffolder, deployment path, MCP Apps,
servers, clients, and agents. No dedicated core mcp-use tools entry or open
duplicate PR was found.
Disclosure
Editorial listing. No paid placement or affiliate link is used. The open-source SDKs are MIT licensed, and the project also points to hosted deployment through Manufact MCP Cloud.
Source citations
Add this badge to your README
Show that mcp-use is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/tools/mcp-use)How it compares
mcp-use side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | mcp-use Fullstack MCP framework for building MCP servers, MCP Apps, MCP agents, and MCP clients with TypeScript and Python SDKs, scaffolding, inspector tooling, hosted deployment, observability, OAuth, notifications, sampling, and agent integrations. Open dossier | Strands Agents Open-source Python and TypeScript SDK for building model-driven AI agents with any model provider, MCP tools, streaming, multi-agent patterns, structured output, observability, hooks, guardrails, and production deployment guidance. Open dossier | AG2 Agent Framework Open-source Python AgentOS and multi-agent framework, evolved from AutoGen, for building conversable agents, group chats, swarms, human-in-the-loop workflows, tool use, RAG, code execution, and provider-backed agent systems. Open dossier |
|---|---|---|---|
| Trust | |||
| Install risk | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools |
| Source | source-backed | source-backed | source-backed |
| Author | mcp-use | Strands Agents | AG2 |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI |
| Source repo | — | — | — |
| Safety notes | ✓mcp-use can expose MCP tools, MCP Apps, widgets, resources, prompts, agent clients, and hosted endpoints; review tool side effects and public reachability before deployment. The inspector is useful for testing but can expose tool schemas, server metadata, resources, logs, or local endpoints; do not leave sensitive inspectors reachable without access control. Hosted deployment through Manufact MCP Cloud adds production observability, metrics, logs, branch deployments, and cloud runtime concerns that need normal secret, domain, auth, and retention review. MCP Apps can render interactive widgets in Claude, ChatGPT, and other clients; validate widget inputs, output schemas, embedded resources, and client compatibility before sharing. OAuth, notifications, sampling, code-mode behavior, and agent integrations can change what a model or user can trigger; apply least privilege and approval gates for write actions. | ✓Strands agents can call custom tools, MCP tools, vended tools, model providers, HTTP APIs, file editors, shell tools, sandboxes, and multi-agent orchestrators; every tool needs explicit permission and side-effect review. The README says both SDKs default to Amazon Bedrock, so unattended examples may use AWS credentials and hosted model access unless the provider is changed. TypeScript exports include vended file-editor, HTTP request, bash, sandbox, intervention, plugin, telemetry, and session-storage surfaces; keep production credentials and filesystem scope narrow. Python optional extras include provider, A2A, bidirectional streaming, OpenTelemetry, Cedar, SageMaker, and other integrations; install only the extras needed for the current runtime. Hooks, guardrails, structured output validation, steering handlers, and traces help control behavior, but they do not replace authorization, audit logs, human approval, rollback plans, or domain-specific tests. | ✓AG2 agents can converse, call tools, execute code, use retrieval systems, run browser workflows, and coordinate group chats; require explicit permissions and approval gates for high-impact actions. The upstream install docs and examples commonly involve provider credentials; keep API keys, config files, notebooks, and `.env` files out of commits and support tickets. Code execution, Docker, Jupyter, browser-use, and RAG extras can touch local files, network services, notebooks, databases, and external websites; scope them tightly before granting agent access. Multi-agent conversations can continue through nested chats, swarms, group chats, and custom reply handlers; define termination, escalation, retry, and human takeover behavior. Track the release roadmap before upgrading because deprecations and the v1.0 transition can change which APIs should be used for new work. |
| Privacy notes | ✓Tool calls, widget props, MCP resources, prompts, request metadata, OAuth tokens, logs, metrics, traces, branch deployment events, inspector sessions, and agent transcripts can contain sensitive data. Review data paths across the MCP client, model provider, mcp-use SDK, inspector, deployment target, external APIs, and hosted Manufact services before processing private or regulated data. Do not include API keys, customer documents, internal URLs, OAuth secrets, private resource URIs, or production logs in examples, public repos, inspectors, widgets, traces, screenshots, or templates. If an MCP server wraps third-party APIs, confirm the downstream API provider's logging, retention, deletion, and authorization behavior before exposing the tool to agents. | ✓Prompts, chat history, system prompts, tool schemas, tool arguments, tool results, traces, hooks, model responses, streaming events, structured outputs, and errors can be sent to configured model providers or observability backends. MCP servers and vended tools may expose local files, shell output, HTTP responses, cloud resources, SaaS records, credentials, source code, and user data to the agent loop. AWS, Anthropic, OpenAI, Gemini, Ollama, LiteLLM, SageMaker, A2A, OpenTelemetry, and other integrations each have separate logging, retention, and access-control behavior. Do not publish AWS credentials, provider API keys, Bedrock model access details, OpenTelemetry endpoints, trace IDs containing sensitive metadata, filesystem paths, or generated run logs in public issues or PRs. | ✓Prompts, messages, tool arguments, tool outputs, code snippets, notebook state, retrieved documents, vector-store contents, provider responses, traces, and execution logs may contain sensitive user or workspace data. Do not expose secrets, API keys, private file paths, customer records, internal documents, database rows, or raw exceptions through agent messages, logs, notebooks, screenshots, or public examples. Provider extras and retrieval integrations can route data through OpenAI, Anthropic, Google, AWS, local model servers, databases, vector stores, browser automation, or other third-party services. If AG2 is used for code execution or browser automation, define which files, domains, credentials, downloads, screenshots, and logs can be read or retained. |
| Prerequisites |
|
|
|
| Install | | | |
| Config | — | — | — |
| Citations | |||
| Claim | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.