Published June 10, 2026
An MCP server is a small program that exposes a tool, data source, or API to an AI app through the open Model Context Protocol, so the model can read and act on that system directly instead of guessing. This is a practitioner's shortlist of the MCP servers actually worth using in 2026, grouped by what they do, exactly how to add them to Claude Code, where to find more, and the security risk most lists skip.
I build a few MCP servers myself, so this is written from inside the ecosystem, not just from using it. For pricing of the client most people run these in, see Claude Code Pricing 2026.
What is an MCP server?
MCP is an open protocol (JSON-RPC based) that connects LLM apps (the host, like Claude Code or the Claude desktop app) to external systems. A server exposes three things to the client: Resources (data and context), Prompts (reusable templated workflows), and Tools (functions the model can actually call). Source: MCP specification
The current stable spec is dated 2025-11-25. A release candidate dated 2026-07-28 is in progress and ships in late July 2026 with breaking changes (a stateless core, an extensions framework, sandboxed MCP Apps, and OAuth hardening), so if you read "MCP 2026" elsewhere, note the live spec is still the November 2025 one until then. MCP 2026 roadmap
The official MCP reference servers (there are only 7 now)
This trips up most "best MCP servers" lists. The official modelcontextprotocol/servers repo was pruned, and the current reference set is just seven servers (source):
| Server | What it does |
|---|---|
| Filesystem | Secure file read/write with configurable access controls |
| Git | Read, search, and manipulate Git repositories |
| Fetch | Fetch and convert web content for the model |
| Memory | Knowledge-graph persistent memory across sessions |
| Sequential Thinking | Structured, reflective multi-step reasoning |
| Time | Time and timezone conversion |
| Everything | Reference/test server exercising the full protocol |
The old first-party GitHub, PostgreSQL, Slack, SQLite, Puppeteer, Brave Search, and Google Drive servers were moved to servers-archived and are no longer maintained (source). Their jobs are now done by vendor-maintained or third-party servers below. If a tutorial tells you to install @modelcontextprotocol/server-github in 2026, it is out of date.
Best MCP servers by category
Maintainers and endpoints below are from primary sources. I am deliberately not publishing star counts, they change daily and no single source ranks "most popular" reliably, so treat this as a curated shortlist, not a leaderboard.
Developer tools
- GitHub MCP Server - official, maintained by GitHub. Read repos and code, manage issues and PRs, run code-security analysis, automate workflows. github/github-mcp-server
- Git, Filesystem, Fetch - the official reference servers above. The everyday backbone for any coding agent.
Browser and automation
- Playwright MCP - official, maintained by Microsoft. Drives a real browser through the structured accessibility tree rather than screenshots, which is faster and more reliable for agents. microsoft/playwright-mcp
Databases
- Postgres / SQL - the old official Postgres server is archived. The current path Anthropic documents is Bytebase DBHub (
npx -y @bytebase/dbhub --dsn "postgresql://..."), and the managed Postgres vendors (Supabase, Neon) ship their own MCP servers. Claude Code MCP docs
Productivity and SaaS (hosted, remote HTTP) These run as remote servers you connect to over HTTP with OAuth, no local install. Official endpoints documented by Anthropic:
| Server | Endpoint |
|---|---|
| Notion | https://mcp.notion.com/mcp |
| Slack | https://mcp.slack.com/mcp |
| Sentry | https://mcp.sentry.dev/mcp |
| Stripe | https://mcp.stripe.com |
| Asana | https://mcp.asana.com/sse |
Source: Claude Code MCP docs. Linear, HubSpot, and PayPal publish official MCP servers too.
Search
- Exa MCP - semantic web search built for agents, widely cited in 2026. I would not call it the single "best" without a hard source, but it is the search server I see recommended most.
How to add an MCP server to Claude Code
This is the part people actually search for. From the official Claude Code MCP docs:
Remote (HTTP) server:
claude mcp add --transport http notion https://mcp.notion.com/mcpAdd an auth header when needed: --header "Authorization: Bearer YOUR_TOKEN". Then run /mcp inside Claude Code to complete OAuth in the browser.
Local (stdio) server:
claude mcp add --transport stdio playwright -- npx -y @playwright/mcp@latestEverything after -- is the command Claude Code runs. Pass secrets with --env KEY=value.
Scopes decide where the server is available:
--scope local(default) - this project only, private to you--scope project- shared via a.mcp.jsonfile in the repo (teammates get it; requires approval before first use)--scope user- all your projects
A project .mcp.json looks like:
{
"mcpServers": {
"stripe": { "type": "http", "url": "https://mcp.stripe.com" }
}
}Manage with claude mcp list, claude mcp get <name>, claude mcp remove <name>. Note: the old SSE transport is deprecated, use HTTP for remote servers. For a fuller walkthrough see Claude Code MCP setup.
Where to find more MCP servers
- Official MCP Registry - the project's own "app store" for servers, in preview since September 2025 with GA to follow. github.com/modelcontextprotocol/registry
- Anthropic connector directory - reviewed connectors addable in Claude Code. claude.ai/directory
- Community aggregators - mcp.so, Smithery, Glama, and the Docker MCP Catalog list community and vendor servers. Useful for discovery, but vet anything before you connect it (see below).
A note from building them
I maintain a few MCP servers in production: Screenbox (gives an AI agent a real isolated Linux desktop and browser), Rein (multi-agent workflow orchestration), and Mesh (semantic vector memory). Two lessons that shaped this list: hosted HTTP servers with OAuth are now far less painful than local stdio for anything a team shares, and the servers that win are the ones that expose a few sharp tools, not fifty vague ones.
The security caveat most lists skip
An MCP server is arbitrary code that the model can invoke, and its tool descriptions are read by the model but usually not by you. The dominant 2026 attack class is tool poisoning: hidden instructions buried in a server's tool metadata that hijack the model on every call. The MCP spec itself says tool descriptions "should be considered untrusted unless obtained from a trusted server," and Claude Code's docs warn that servers fetching external content can expose you to prompt injection. Claude Code MCP docs
Practical rules: install from official or vendor sources, prefer the official registry and vendor endpoints over random GitHub forks, read what tools a server exposes before approving it, and do not give a server credentials it does not need.
Frequently asked questions
What is an MCP server? An MCP server is a small program that exposes a tool, data source, or API to an AI app through the open Model Context Protocol. It provides Resources (data), Prompts (templated workflows), and Tools (functions the model can call), so an AI client like Claude Code can read and act on that system directly.
What are the best MCP servers in 2026? The official reference servers (Filesystem, Git, Fetch, Memory, Sequential Thinking, Time, Everything) are the backbone. Beyond those, the most used are GitHub's official GitHub MCP, Microsoft's Playwright MCP for browser automation, database servers like Bytebase DBHub and the Supabase/Neon MCPs, and hosted SaaS servers from Notion, Slack, Sentry, Stripe, Linear, and Asana.
How do I add an MCP server to Claude Code? Use claude mcp add. For a remote server: claude mcp add --transport http notion https://mcp.notion.com/mcp, then run /mcp to authorize. For a local one: claude mcp add --transport stdio playwright -- npx -y @playwright/mcp@latest. Use --scope project to share a server with your team via a .mcp.json file.
What happened to the official GitHub and Postgres MCP servers? They were archived. The early first-party GitHub, PostgreSQL, Slack, SQLite, Puppeteer, Brave Search, and Google Drive reference servers moved to the servers-archived repo and are no longer maintained. Use the vendor servers instead (GitHub's own GitHub MCP, Bytebase DBHub or Supabase/Neon for Postgres, the hosted Slack endpoint, and so on).
Are MCP servers safe? They run arbitrary code the model can invoke, so treat them like installing a package. The main risk is tool poisoning (malicious instructions hidden in tool metadata) and prompt injection from servers that fetch external content. Install from official or vendor sources, use the official registry, review the tools a server exposes before approving it, and limit the credentials you hand it.
