Untappd MCP — search beers/breweries/venues, read check-ins & wishlists, post check-ins
Untappd MCP — search beers/breweries/venues, read check-ins & wishlists, post check-ins
This is a well-structured MCP server that implements proper authentication with Untappd's private API. The code demonstrates good security practices including credential management via environment variables, proper error handling, and confirm-gated write operations. Minor code quality observations exist around broad exception handling and logging practices, but these do not constitute material security risks. Permissions align appropriately with the server's purpose of reading and writing user Untappd data. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 1 high severity). Package verification found 1 issue.
7 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: UNTAPPD_USERNAME
Environment variable: UNTAPPD_PASSWORD
Environment variable: UNTAPPD_CLIENT_ID
Environment variable: UNTAPPD_CLIENT_SECRET
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-chrischall-untappd-mcp": {
"env": {
"UNTAPPD_PASSWORD": "your-untappd-password-here",
"UNTAPPD_USERNAME": "your-untappd-username-here",
"UNTAPPD_CLIENT_ID": "your-untappd-client-id-here",
"UNTAPPD_CLIENT_SECRET": "your-untappd-client-secret-here"
},
"args": [
"-y",
"untappd-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
An MCP server for Untappd. It talks to Untappd's mobile (v4) API using your own account — search beers, breweries, and venues; read profiles, check-ins, wishlists, distinct beers, badges, friends, and your friend activity feed; and post check-ins, toasts, and comments.
Developed and maintained by AI (Claude Code). Use at your own discretion. This is an unofficial client that uses Untappd's private mobile API; it is not affiliated with or endorsed by Untappd.
Untappd's iPad/iPhone app authenticates with a username/password xauth login
(POST https://api.untappd.com/v4/xauth) that returns an access token, then
calls the v4 API. This server reproduces that exactly:
access_token query param.Authorization: Bearer header (with the app's client
credentials in the query), matching the app's real requests.The token is fetched on demand, cached in memory, and refreshed automatically if it goes stale.
| Variable | Required | Description |
|---|---|---|
UNTAPPD_USERNAME | yes | Your Untappd username or login email. |
UNTAPPD_PASSWORD | yes | Your Untappd password (used only for the xauth login). |
UNTAPPD_CLIENT_ID | yes | The Untappd mobile app client id (see below). |
UNTAPPD_CLIENT_SECRET | yes | The Untappd mobile app client secret. |
UNTAPPD_DEVICE_ID | no | Stable device UUID the token is keyed to (a default is provided). |
UNTAPPD_UTV | no | API version param (default 4.0.0). |
UNTAPPD_USER_AGENT | no | Override the User-Agent (default mimics the app). |
Copy .env.example to .env and fill it in for local use.
Untappd does not publish these; they live in the mobile app. Capture them from your own app's traffic with an HTTPS proxy:
POST https://api.untappd.com/v4/xauth
request — its query string contains client_id and client_secret.UNTAPPD_CLIENT_ID / UNTAPPD_CLIENT_SECRET.Keep these values private; do not commit them.
Reads: untappd_search_beer, untappd_beer_info, untappd_beer_activity,
untappd_search_brewery, untappd_brewery_info, untappd_brewery_beers,
untappd_search_venue, untappd_venue_info, untappd_venue_activity,
untappd_user_info, untappd_user_checkins, untappd_user_wishlist,
untappd_user_beers, untappd_user_badges, untappd_user_friends, untappd_pending_friends,
untappd_activity_feed, untappd_checkin_info, untappd_resolve, untappd_open_url, untappd_user_venues, untappd_venue_by_foursquare, untappd_trending,
untappd_notifications, untappd_local_checkins, untappd_healthcheck.
Writes (confirm-gated — return a dry-run preview unless called with
confirm: true): untappd_toast, untappd_add_comment, untappd_delete_comment, untappd_checkin,
untappd_wishlist_add, untappd_wishlist_remove, untappd_delete_checkin,
untappd_add_friend, untappd_accept_friend, untappd_reject_friend, untappd_remove_friend.
npm install
npm run build
npm test
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.