{"id":"supermemoryai-install-mcp","name":"install-mcp","homepage":"https://www.npmjs.com/package/install-mcp","repo_url":"https://github.com/supermemoryai/install-mcp","category":"devtools","subcategories":[],"tags":["cli","mcp","oauth","configuration","typescript","automation","devtools"],"what_it_does":"CLI tool to install and manage MCP servers for multiple clients (e.g., Claude Desktop, Cursor, VSCode, etc.). Supports installing from package names, scoped packages, full command strings, and remote URLs; can perform OAuth-based authentication for remote servers and write generated configuration for the selected client(s).","use_cases":["Simplify onboarding of MCP servers for different AI clients","Install MCP servers from npm package names or remote URLs with minimal manual setup","Configure OAuth-protected MCP servers and reuse authentication across clients","Add custom headers (including project header for Supermemory-hosted servers) during installation/config generation"],"not_for":["Automated server-side provisioning or hosting of MCP servers","Environments requiring strict auditability of auth flows or fully documented OAuth scopes/targets (not specified in README)"],"best_when":"You need a one-command way to add MCP servers to various desktop/CLI clients, including remote URL installs that require OAuth.","avoid_when":"You need a standardized API with machine-readable contracts, or you require explicit rate-limit details, retry/idempotency guarantees, and fully specified security properties beyond CLI behavior.","alternatives":["Direct installation/manual configuration for each MCP client","Community MCP installers or provider-specific setup scripts","Generic MCP client configuration management tools (if available for your client)"],"af_score":41.5,"security_score":51.2,"reliability_score":38.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:38:50.968446+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth authentication prompt/flow for remote URL installs","Header-based authentication via --header for remote servers"],"oauth":true,"scopes":false,"notes":"README describes an OAuth prompt/flow for remote servers but does not document OAuth scopes or token storage location/format. It also claims authentication state is shared globally once authenticated."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing not mentioned in provided README/manifest."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":41.5,"security_score":51.2,"reliability_score":38.8,"mcp_server_quality":30.0,"documentation_accuracy":78.0,"error_message_quality":null,"error_message_notes":"README includes at least one specific failure message: \"Authentication failed. Use the client to authenticate.\" Other operational errors (network/validation/CLI parsing) are not described.","auth_complexity":65.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":55.0,"scope_granularity":20.0,"dependency_hygiene":70.0,"secret_handling":45.0,"security_notes":"Security properties are partially implied rather than specified: CLI supports passing headers and performs OAuth flows for remote servers, but README does not document token storage, transport/security guarantees beyond assumed HTTPS, scope granularity, or safe handling of secrets in logs. It does however provide some user-facing controls (skip/bypass OAuth, header injection) and a clear failure message for OAuth errors. Dependency list is relatively small and modern-typical for a CLI, but no vulnerability/CVE status is provided.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":60.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"No explicit idempotency guarantees (e.g., whether repeated runs overwrite/merge deterministically) are stated in README.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Authentication state is described as globally shared; repeated runs may have side effects depending on how the CLI caches tokens.","Supermemory project header injection rules are URL-target specific (api.supermemory.ai/*) and values must not contain spaces; invalid values may cause failures without documented guidance.","Remote installs may prompt interactively unless flags like --oauth are provided, which can break non-interactive automation."]}}