Comparing four popular MCP servers
This comparison looks at four widely-used MCP servers serving different niches: @arabold/docs-mcp-server for documentation retrieval, @brave/brave-search-mcp-server and tavily-mcp for web search, and obsidian-mcp-server for personal knowledge bases. All four are distributed via npm and ship under permissive licenses, but their adoption curves, code freshness, and risk profiles diverge sharply. The numbers below come from a single registry/repo snapshot and are presented without adjustment.
Score breakdown
| Server | Overall | Security | Freshness | Adoption | Quality | Trust | Risk |
|---|---|---|---|---|---|---|---|
@arabold/docs-mcp-server | 85.6 | 100.0 | 100.0 | 63.1 | 80.0 | 50.0 | high |
@brave/brave-search-mcp-server | 63.4 | 100.0 | 30.0 | 49.4 | 60.0 | 50.0 | medium |
obsidian-mcp-server | 62.6 | 100.0 | 30.0 | 45.5 | 60.0 | 50.0 | unknown |
tavily-mcp | 65.5 | 100.0 | 30.0 | 59.8 | 60.0 | 50.0 | unknown |
Security & risk
All four servers post a perfect security score of 100.0 and ship with a license. But the headline number hides an important detail:
- ⚠
@arabold/docs-mcp-serverreportssecrets_found = 1and is classified as risk_class: high despite its top overall score of 85.6. It also reads and writes the local filesystem and makes network calls, expanding its blast radius. Audit the repo for the leaked secret and rotate any related credentials before deploying it in a sensitive environment. @brave/brave-search-mcp-serveris classified medium risk with no secrets found and a network-only capability surface (no filesystem access).obsidian-mcp-serverandtavily-mcpare both risk_class: unknown — capability flags (filesystem, network, tool count) are null, so the static profile is incomplete. Treat them as you would any unaudited server: review tool permissions before granting access.
Adoption & activity
| Server | Weekly downloads | GitHub stars | Last commit | Tool count |
|---|---|---|---|---|
@arabold/docs-mcp-server | 470 | 1,322 | 13 days ago | 10 |
@brave/brave-search-mcp-server | 16,667 | 0 | unknown | 0 |
obsidian-mcp-server | 10,724 | 0 | unknown | unknown |
tavily-mcp | 36,374 | 0 | unknown | unknown |
The picture inverts when you look at usage versus repo signals. tavily-mcp leads weekly downloads at 36,374, followed by @brave/brave-search-mcp-server (16,667) and obsidian-mcp-server (10,724). @arabold/docs-mcp-server ships only 470 weekly downloads but has by far the most stars (1,322) and the only verified recent commit (13 days). The zero-star figures on the other three are unusual and likely reflect that the recorded GitHub repo is a monorepo or mirror — not a true lack of interest, given the download volume.
Install commands
npx @arabold/docs-mcp-servernpx @brave/brave-search-mcp-servernpx obsidian-mcp-servernpx tavily-mcpRecommendation
These tools serve different jobs, so the right pick depends on what you need:
- For web search:
tavily-mcpwins on adoption (36,374 weekly downloads, score 65.5) and is the safe default.@brave/brave-search-mcp-serveris a reasonable alternative if you prefer Brave's index, but itstool_countof 0 in this snapshot is worth verifying against the upstream repo before integration. - For Obsidian vaults:
obsidian-mcp-serveris the only contender here. Its 10,724 weekly downloads suggest real usage, but theunknownrisk class and null capability flags mean you should review what it can read and write before pointing it at a personal vault. - For documentation retrieval:
@arabold/docs-mcp-serverhas the highest overall score (85.6), the freshest commits, and the only non-zero star count — but the secrets_found = 1 flag and high risk classification mean it should not be deployed as-is. If you need its functionality, fork the repo, audit for the leaked secret, and pin to a clean commit.
Overall winner on raw score: @arabold/docs-mcp-server at 85.6 — but with the explicit caveat above. Winner on safe, ready-to-use adoption: tavily-mcp.