The Most Downloaded MCP Servers Right Now
This digest ranks the ten most-installed MCP servers across npm and PyPI by weekly download volume. Downloads alone don't tell the whole story — several high-traffic packages carry serious security flags, and some lack scoring data because they aren't yet fully indexed. Read past the totals before you pip install anything.
Score Breakdown
| # | Server | Registry | Weekly DLs | Overall | Security | Freshness | Adoption | Quality | Trust | Risk |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | fastapi-mcp | pypi | 3,749,473 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
| 2 | chrome-devtools-mcp | npm | 2,108,380 | 65.5 | 100.0 | 30.0 | 60.0 | 60.0 | 50.0 | high |
| 3 | ddgs | pypi | 1,175,275 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
| 4 | mcp-server-qdrant | pypi | 1,106,864 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
| 5 | @upstash/context7-mcp | npm | 1,095,970 | 65.5 | 100.0 | 30.0 | 60.0 | 60.0 | 50.0 | high |
| 6 | @storybook/mcp | npm | 830,566 | 65.5 | 100.0 | 30.0 | 60.0 | 60.0 | 50.0 | high |
| 7 | @modelcontextprotocol/server-filesystem | npm | 331,404 | 65.5 | 100.0 | 30.0 | 60.0 | 60.0 | 50.0 | high |
| 8 | excel-mcp-server | pypi | 210,101 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
| 9 | mcp-server-duckdb | pypi | 208,415 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
| 10 | scrapling | pypi | 203,653 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | unknown |
The Highlights
1. fastapi-mcp — 3.75M weekly downloads
The runaway download leader. Exposes FastAPI endpoints as MCP tools with built-in auth — a natural fit for Python teams already shipping FastAPI services. Scoring data isn't yet populated, so treat security/quality as unverified rather than good or bad.
pip install fastapi-mcp2. chrome-devtools-mcp — 2.11M weekly downloads
The official Chrome DevTools MCP server. Reads and writes the filesystem and makes network calls. Risk class: high, with 1 secret detected in the package — review before deploying in shared environments.
npx chrome-devtools-mcp3. ddgs — 1.18M weekly downloads
A metasearch library aggregating results from multiple web search backends. Two flags worth noting: no license declared and 1 secret found in the package contents. Not a drop-in for production until both are resolved.
pip install ddgs4. mcp-server-qdrant — 1.11M weekly downloads
Qdrant's official MCP server for vector-database interactions. No secrets detected, but currently missing a license file, which complicates redistribution and enterprise use.
pip install mcp-server-qdrant5. @upstash/context7-mcp — 1.10M weekly downloads
Upstash's Context7 server. The most concerning entry on this list: 6 secrets detected in the published package, plus filesystem read/write and network access. High risk — audit the package contents before installing.
npx @upstash/context7-mcp6. @storybook/mcp — 830K weekly downloads
Surfaces component knowledge from Storybook stories and docs to AI assistants. Useful for design-system workflows, but 5 secrets were detected in the package and risk class is high. Pin a known-good version and review.
npx @storybook/mcp7. @modelcontextprotocol/server-filesystem — 331K weekly downloads
The reference filesystem server from the MCP project itself. Zero secrets, MIT-licensed, security score 100 — though it's still tagged high risk because it inherently reads and writes the filesystem. That's the job; scope its allowed paths carefully.
npx @modelcontextprotocol/server-filesystem8. excel-mcp-server — 210K weekly downloads
Spreadsheet manipulation over MCP. No secrets found, but no license declared. Useful for finance and ops automation; resolve licensing before bundling into a commercial product.
pip install excel-mcp-server9. mcp-server-duckdb — 208K weekly downloads
Lets an MCP client query DuckDB databases. Licensed, no secrets detected, scoring not yet populated. A solid pick for analytical workflows on local Parquet/CSV data.
pip install mcp-server-duckdb10. scrapling — 204K weekly downloads
An adaptive web-scraping framework, licensed and clean of detected secrets. Increasingly used as the engine behind crawl-oriented MCP tools.
pip install scraplingSecurity & Risk
Three of the top servers in this digest have secrets detected in their published packages, which is the most serious finding here:
- @upstash/context7-mcp — 6 secrets (high risk)
- @storybook/mcp — 5 secrets (high risk)
- chrome-devtools-mcp — 1 secret (high risk)
- ddgs — 1 secret (and no license)
Secrets in published artifacts can mean leaked test credentials, demo API keys, or accidentally committed tokens. They don't always indicate compromise, but they do indicate weak release hygiene. Audit the package or wait for a clean release before granting these servers credentialed access.
Three packages also lack a declared license: ddgs, mcp-server-qdrant, and excel-mcp-server. That's a blocker for many enterprise environments regardless of code quality.
Adoption & Activity
Combined, these ten servers move ~11.0M weekly downloads. Distribution is heavily top-loaded: fastapi-mcp alone accounts for roughly 34% of the total, and the top three together pull in over 60%. Star counts are reported as zero across the dataset (likely a collection gap rather than a reflection of repo popularity), and last_commit_days is unavailable — so freshness signals here are limited to the freshness sub-score, which sits at 30 for every npm package with data. Treat these rankings as a usage snapshot, not a maintenance one.
Editor's Pick
@modelcontextprotocol/server-filesystem is the editor's pick this week. It's not the most downloaded — that's fastapi-mcp, which is unscored — but among the servers with full scoring data, it's the only one with zero secrets detected, a declared license, and a maintainer (the MCP project itself) directly aligned with the protocol's roadmap. Its "high risk" tag reflects what filesystem access inherently entails, not poor hygiene.
If you're a Python shop, fastapi-mcp is the obvious download-leader to evaluate next — but wait for scoring data or audit it yourself before production use. Avoid @upstash/context7-mcp and @storybook/mcp until their secret-leakage findings are resolved upstream.
npx @modelcontextprotocol/server-filesystem /path/to/allowed/dir