VERIFIED

Installer

Safety: 20/100

0.0(0)

This MCP server installs other MCP servers from npm or PyPi, automating the setup process but posing significant security risks if misconfigured.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

This MCP server installs other MCP servers from npm or PyPi, automating the setup process but posing significant security risks if misconfigured.

This server is highly risky due to its ability to execute arbitrary code from external sources. It should only be used in controlled environments with trusted packages. Thoroughly vet any package before installation to mitigate potential security breaches.

Performance depends on the size and complexity of the MCP server being installed and the speed of the network connection. Large servers may take a significant amount of time to install.

Cost is primarily related to network bandwidth and potential resource consumption during the installation process. There may be indirect costs associated with managing and securing the installed servers.

CloudJavaScript1,504 starsMIT

Connections & Capabilities

Connects To

GitHubFilesystem

Capabilities

ExecWriteAdmin

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Tools (1)

critical

install_server

Installs an MCP server from a specified package name or file path.

Executes arbitrary code, modifies the system, and can introduce vulnerabilities.

Security

Auth Method

None

Data Locality

cloud

Known Risks

!Supply chain attacks via malicious npm/PyPi packages
!Command injection vulnerabilities due to lack of input sanitization
!Privilege escalation by installing servers with excessive permissions
!Uncontrolled resource consumption during installation
!Dependency conflicts leading to unstable server environments

Safety Score

critical risk

Positive

+Requires explicit user installation via `claude_desktop_config.json`
+Installation process is initiated by user prompts, not automatic
+Relies on package managers (npm, uv) for dependency resolution

Risks

-Executes arbitrary code from npm/PyPi, posing a supply chain risk
-Lacks input validation, potentially leading to command injection
-Can install servers with broad permissions, escalating privileges
-Requires `npx` and `uv`, which can introduce vulnerabilities if outdated
-No built-in sandboxing or resource limits during installation

Use Cases

Automated Server Deployment

-Quickly setting up multiple MCP servers
-Automating the installation of new MCP server versions
-Deploying MCP servers in development environments

MCP Server Management

-Installing MCP servers from various sources (npm, PyPi, local files)
-Managing MCP server dependencies
-Simplifying the MCP server setup process for non-technical users

Development and Testing

-Rapidly prototyping MCP server configurations
-Testing MCP server compatibility with different environments
-Creating reproducible MCP server setups

Who Is This For?

Best For

Developers prototyping MCP server setups
Automated deployment pipelines in controlled environments
Experienced users who understand the risks of executing arbitrary code

Not Ideal For

Production environments without strict security controls
Users unfamiliar with npm and PyPi package management
Scenarios requiring high levels of security and isolation

Autonomy & Execution

Default ModeFull access

Destructive Tools

This server grants full autonomy to install and configure other MCP servers, posing significant risks if not carefully managed. There is no sandboxing or rollback support.

StatelessNo

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Isolate the installer server in a dedicated environment with restricted network access to minimize the impact of potential security breaches.

FAQ

What happens if the installation fails?

The installer will likely output an error message from the underlying package manager (npm or uv). You'll need to examine the logs to diagnose the issue.

Can I install MCP servers from private repositories?

Potentially, if you configure npm or uv to authenticate with your private repository. However, this increases the risk of exposing credentials.

How do I uninstall an MCP server installed with this tool?

This tool doesn't provide uninstallation functionality. You'll need to manually remove the server's configuration from `claude_desktop_config.json` and any associated files.

Is there a way to verify the integrity of the installed packages?

You can use npm or uv's built-in integrity checking features (e.g., `npm audit`, `uv check`) to identify potential vulnerabilities.

Does this server automatically update installed MCP servers?

No, you'll need to manually update the servers by reinstalling them with the latest version.

Can I specify a specific version of an MCP server to install?

Yes, you can specify a version using the standard npm/PyPi versioning syntax (e.g., `mcp-server-fetch@1.2.3`).

What are the minimum system requirements for this installer server?

The installer requires `npx` and `uv` to be installed and accessible in your system's PATH. It also needs network access to download packages from npm or PyPi.

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Installer - AI Tool Review & Alternatives | Flaex AI