Best MCP servers for Claude Code in 2026

Claude Code has two surfaces that support MCP: the desktop app and the terminal CLI. Both connect to the same MCP servers, but the config locations differ. This matters when you're setting up servers, so here's the quick reference before the specific recommendations.

How to set up MCP servers in Claude Code

Claude Desktop (GUI app)

Edit the JSON config file directly:

macOS:

~/Library/Application Support/Claude/claude_desktop_config.json

Windows:

%APPDATA%\Claude\claude_desktop_config.json

Add servers to the mcpServers object:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Save and restart Claude Desktop. For detailed setup, see How to set up MCP plugins in Claude Desktop.

Claude Code CLI (terminal)

The fastest method is the claude mcp add command:

claude mcp add github --env GITHUB_PERSONAL_ACCESS_TOKEN=ghp_your_token -- npx -y @modelcontextprotocol/server-github

This writes the config to .claude/settings.json in your project directory. You can also edit that file directly if you prefer the JSON approach.

To verify a server is connected:

claude mcp list

The CLI approach is faster for developers who live in the terminal. No app restart needed. The server is available immediately in your next Claude Code session.

Coding and version control

GitHub MCP server | Security score: 9.5/10

The most installed MCP server for a reason. It gives Claude Code full access to the GitHub API: create and manage issues, open pull requests, review code, search across repositories, and read file contents from any repo. Instead of switching to the browser, you tell Claude "open a PR with these changes" or "find all open issues labeled bug" and it handles the API calls.

In Claude Code CLI, this is especially powerful because you're already in a repository. Claude can read your local changes, create a PR, and link it to an existing issue in a single conversation. See the full GitHub MCP server guide.

claude mcp add github --env GITHUB_PERSONAL_ACCESS_TOKEN=ghp_your_token -- npx -y @modelcontextprotocol/server-github

Context7 | Security score: 8.5/10

Pulls up-to-date, version-specific documentation for any library directly into your Claude Code context. Instead of Claude relying on its training data (which may be outdated for fast-moving libraries), Context7 fetches the current docs. Ask "how do I use the new React 19 cache API?" and it retrieves the actual documentation rather than guessing.

This matters most in Claude Code where you're actively writing code. Having accurate, current API references in context while coding eliminates a class of bugs caused by outdated knowledge.

claude mcp add context7 -- npx -y @upstash/context7-mcp

Databases

PostgreSQL MCP server | Security score: 8.8/10

Run natural language queries against any Postgres database. Point it at your connection string and ask Claude "show me all users who signed up this week" or "what are the largest tables by row count." It writes the SQL, executes it, and returns results. Built-in read-only safety mode prevents accidental writes during exploration. See the database MCP server guide.

claude mcp add postgres -- npx -y @modelcontextprotocol/server-postgres postgresql://user:password@localhost:5432/mydb

Supabase MCP server | Security score: 8.9/10

If your project runs on Supabase, this server connects directly to your project. Query tables, inspect your schema, manage auth users, and check RLS policies without switching to the Supabase dashboard. In Claude Code, this means you can debug a data issue, fix the code, and verify the fix all in the same terminal session.

claude mcp add supabase --env SUPABASE_URL=https://your-project.supabase.co --env SUPABASE_SERVICE_ROLE_KEY=your_key -- npx -y @supabase/mcp-server

Search and research

Brave Search MCP server | Security score: 9.0/10

Gives Claude Code real-time web search. When you need current information (checking the latest version of a package, looking up an API that changed recently, or researching a library you haven't used before), Brave Search fetches live results. This fills the gap between Claude's training data and the present.

Requires a free API key from Brave Search API.

claude mcp add brave-search --env BRAVE_API_KEY=your_key -- npx -y @modelcontextprotocol/server-brave-search

Sequential Thinking | Security score: 9.7/10

Not a search tool, but it changes how Claude reasons through complex problems. It structures the AI's thinking into explicit steps with the ability to revise and branch. Useful for architecture decisions, debugging multi-step issues, or any task where you want Claude to show its reasoning rather than jumping to an answer.

The 9.7 security score is the highest on this list because it has no external API calls or credentials since it operates entirely on the reasoning layer.

claude mcp add sequential-thinking -- npx -y @modelcontextprotocol/server-sequential-thinking

Browser automation

Playwright MCP server | Security score: 9.2/10

Browser automation using accessibility snapshots rather than raw screenshots. Navigate pages, click elements, fill forms, and extract content. Useful for testing your own app during development: tell Claude "open localhost:3000 and check if the signup flow works" and it walks through the pages.

Built by Microsoft. The accessibility-based approach means it reads the page structure rather than relying on pixel positions, making it more reliable than screenshot-based automation.

claude mcp add playwright -- npx -y @anthropic-ai/mcp-server-playwright

Puppeteer MCP server | Security score: 8.6/10

The alternative to Playwright for browser automation. Runs a headless Chrome instance for screenshotting pages, scraping dynamic content, and filling out forms. If your team already uses Puppeteer in your test suite, this server fits naturally into your workflow.

claude mcp add puppeteer -- npx -y @modelcontextprotocol/server-puppeteer

Both work well. If you're starting fresh, Playwright has the edge in reliability and security score. If you already have Puppeteer infrastructure, stick with it.

Productivity and system access

Filesystem MCP server | Security score: 9.4/10

Read, write, search, and organize files on your local machine with configurable access controls. You specify which directories the server can access, and it enforces those boundaries. In Claude Code CLI, this extends Claude's reach beyond the current project directory, which is useful when you need to reference config files, read logs, or work across multiple projects.

claude mcp add filesystem -- npx -y @modelcontextprotocol/server-filesystem /Users/you/projects /Users/you/documents

Slack MCP server | Security score: 8.5/10

Search message history, send updates to channels, and pull conversation context into Claude Code. During incident response, ask Claude "summarize what was discussed in #engineering-incidents today" and get a quick briefing. Also useful for posting status updates without context-switching. See the Slack MCP server guide.

Requires a Slack app with appropriate OAuth scopes. See api.slack.com/apps for setup.

claude mcp add slack --env SLACK_BOT_TOKEN=xoxb-your-token --env SLACK_TEAM_ID=T0123456 -- npx -y @modelcontextprotocol/server-slack

Memory MCP server | Security score: 9.4/10

Persistent memory using a knowledge graph that survives across sessions. Claude Code sessions are ephemeral by default. When you close a conversation, the context is gone. The Memory server lets Claude store and retrieve facts, preferences, and project context that persist. Tell it "remember that our staging database is on port 5433" and it will recall that in future sessions.

claude mcp add memory -- npx -y @modelcontextprotocol/server-memory

Recommended starter configurations

For most developers working with Claude Code, here are three tiers:

Essential (start here):

1. GitHub for version control
2. Brave Search for real-time lookups
3. Context7 for current documentation

Full-stack development: Add PostgreSQL or Supabase for database access, plus Playwright for browser testing.

Power user: Add Memory for persistent context, Sequential Thinking for structured reasoning, and Slack for team communication.

How to check if a server is safe

Before installing any server, check its security score on MCP Marketplace. Every listing includes a security report covering credential handling, permission scope, and code quality. All servers on this list score 8.5 or higher.

For a deeper look at MCP security considerations, read Are MCP servers safe?.

Browse the full list of MCP servers on MCP Marketplace.