Most Downloaded MCP Servers: Weekly Digest & Security Watch

1. fastapi-mcp — 3.75M weekly downloads

The volume leader by a wide margin. It exposes existing FastAPI endpoints as MCP tools, with auth support — a pragmatic shortcut for teams who already have a FastAPI surface and want to make it agent-callable. Licensed, no secrets detected. Profiling pending.

pip install fastapi-mcp

2. chrome-devtools-mcp — 2.11M weekly downloads

Official MCP wrapper around Chrome DevTools. Reads and writes the filesystem and makes network calls — expected for a browser automation tool, but it ships with 1 secret found and is classed high risk. Audit before granting it broad filesystem scope.

npx chrome-devtools-mcp

3. ddgs — 1.18M weekly downloads

A metasearch aggregator (DuckDuckGo and friends). Two caveats worth noting: no license detected, and 1 secret found in the source. Both are blockers for many enterprise environments.

pip install ddgs

4. mcp-server-qdrant — 1.11M weekly downloads

The official Qdrant vector-DB MCP server. No secrets found, but no license metadata detected — verify upstream before redistributing.

pip install mcp-server-qdrant

5. @upstash/context7-mcp — 1.10M weekly downloads

Context7's documentation-fetching MCP server. Licensed, but our scanner flagged 6 secrets in the package — the highest count in this digest — and the package reads/writes the filesystem and makes network calls. Risk class: high. Review the findings before deploying with credentials in scope.

npx @upstash/context7-mcp

6. @storybook/mcp — 830K weekly downloads

Surfaces Storybook component knowledge to agents — a strong fit for design-system-aware coding assistants. Licensed, but 5 secrets detected and rated high risk. Likely test fixtures, but worth verifying.

npx @storybook/mcp

7. @modelcontextprotocol/server-filesystem — 331K weekly downloads

The reference filesystem server from the MCP project itself. Zero secrets, licensed, security score 100. The "high" risk class here reflects capability surface (full filesystem read/write) rather than code hygiene — that's by design for this tool.

npx @modelcontextprotocol/server-filesystem

8. excel-mcp-server — 210K weekly downloads

Excel file manipulation over MCP. Clean on secrets, but no license — a problem for redistribution.

pip install excel-mcp-server

9. mcp-server-duckdb — 208K weekly downloads

DuckDB query execution over MCP. Licensed, no secrets found. Profiling pending but the surface area is small and well-scoped.

pip install mcp-server-duckdb

10. scrapling — 204K weekly downloads

Adaptive web-scraping framework usable via MCP. Licensed, no secrets found. Useful when DDG-style metasearch isn't enough and you need page-level extraction.

pip install scrapling

Three packages in this digest carry meaningful security flags that warrant attention before installation:

• @upstash/context7-mcp — 6 secrets found. Highest count in the list. Risk class high.
• @storybook/mcp — 5 secrets found. Risk class high.
• chrome-devtools-mcp — 1 secret found. Risk class high.
• ddgs — 1 secret found, no license. Double flag.

Three PyPI packages are missing license metadata: ddgs, mcp-server-qdrant, and excel-mcp-server. That's a compliance issue regardless of code quality. The cleanest scans (zero secrets, has license) belong to fastapi-mcp, @modelcontextprotocol/server-filesystem, mcp-server-duckdb, and scrapling.

Total weekly downloads across these 10 servers: roughly 11.0 million. The distribution is heavily top-loaded: fastapi-mcp alone accounts for ~34% of that volume, and the top three (fastapi-mcp, chrome-devtools-mcp, ddgs) together account for ~64%.

Star counts and last-commit recency were not available in this snapshot for any of the 10 entries, so commit-velocity comparisons aren't possible here. The four npm packages all carry a freshness score of 30.0 — middling — suggesting room for more frequent releases on the npm side. Official/vendor-backed servers (fastapi-mcp, qdrant, context7, storybook, chrome-devtools, modelcontextprotocol) dominate the top of the chart, which is consistent with the broader pattern: developers gravitate toward maintainer-backed MCP servers over community forks.