install-mcp
CLI tool to install and manage MCP servers for multiple clients (e.g., Claude Desktop, Cursor, VSCode, etc.). Supports installing from package names, scoped packages, full command strings, and remote URLs; can perform OAuth-based authentication for remote servers and write generated configuration for the selected client(s).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security properties are partially implied rather than specified: CLI supports passing headers and performs OAuth flows for remote servers, but README does not document token storage, transport/security guarantees beyond assumed HTTPS, scope granularity, or safe handling of secrets in logs. It does however provide some user-facing controls (skip/bypass OAuth, header injection) and a clear failure message for OAuth errors. Dependency list is relatively small and modern-typical for a CLI, but no vulnerability/CVE status is provided.
⚡ Reliability
Best When
You need a one-command way to add MCP servers to various desktop/CLI clients, including remote URL installs that require OAuth.
Avoid When
You need a standardized API with machine-readable contracts, or you require explicit rate-limit details, retry/idempotency guarantees, and fully specified security properties beyond CLI behavior.
Use Cases
- • Simplify onboarding of MCP servers for different AI clients
- • Install MCP servers from npm package names or remote URLs with minimal manual setup
- • Configure OAuth-protected MCP servers and reuse authentication across clients
- • Add custom headers (including project header for Supermemory-hosted servers) during installation/config generation
Not For
- • Automated server-side provisioning or hosting of MCP servers
- • Environments requiring strict auditability of auth flows or fully documented OAuth scopes/targets (not specified in README)
Interface
Authentication
README describes an OAuth prompt/flow for remote servers but does not document OAuth scopes or token storage location/format. It also claims authentication state is shared globally once authenticated.
Pricing
Pricing not mentioned in provided README/manifest.
Agent Metadata
Known Gotchas
- ⚠ Authentication state is described as globally shared; repeated runs may have side effects depending on how the CLI caches tokens.
- ⚠ Supermemory project header injection rules are URL-target specific (api.supermemory.ai/*) and values must not contain spaces; invalid values may cause failures without documented guidance.
- ⚠ Remote installs may prompt interactively unless flags like --oauth are provided, which can break non-interactive automation.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for install-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.