Delv
Official (Vendor)Slow· 1mo4.3by Liveblocks

Liveblocks

Liveblocks' official MCP. Manage rooms, threads, comments, and presence for collaborative apps from your agent.

View repo Homepage
A
Safety & Trust

Delv Safety Grade: A

Score 82/100 · assessed 2026-04-28

Maintainer85
Permissions75
Supply chain65
Transparency90
Incidents100

Liveblocks is a well-established collaboration platform vendor, and this is their official MCP server. The maintainer score reflects a professional mid-size company with a clear product focus, though not quite the scale of major cloud providers. Permissions are moderately scoped: the server can read and write rooms, comments, threads, and presence data within your Liveblocks workspace, plus delete and archive operations. This is broader than read-only but still domain-specific to collaboration features. Supply chain is the weakest link: no npm or PyPI package means manual clone-and-build installation, and the secret key requirement means you're handing over full API access. Transparency is strong with open source code and clear documentation from the vendor. No known security incidents. Suitable for teams already using Liveblocks who need agent-driven workspace management, but the install method and broad write permissions warrant careful key scoping.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Real-time collaborative state means anyone in the room can plant content the agent reads. Plus auth tokens. Plus outbound.

Green flags

  • Official vendor-maintained server from Liveblocks team
  • Open source with clear documentation and issue tracker
  • Domain-specific to collaboration, not general filesystem or shell access
  • Active maintenance from established collaboration platform company
  • No known security incidents or CVEs

Red flags

  • No package registry distribution, requires manual clone-and-build install
  • LIVEBLOCKS_SECRET_KEY grants full API access to entire workspace
  • Can delete and archive rooms, potentially destructive operations
  • Write access to comments and threads across all rooms

Permissions requested

Outbound networkAccess secretsDB readDB writeRead messagesSend messages
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

Liveblocks is a collaboration platform for real-time features, and this MCP hands your AI agent the keys to its backend. You get tools to list, inspect, archive, and delete rooms, plus read and manage threaded comments, and peek at user presence data. It's the official server from Liveblocks themselves, so it tracks their API surface closely. I'd reach for this when I'm debugging a collaborative app in production or running housekeeping tasks that would otherwise mean writing throwaway scripts. Say you've got a Notion-style workspace with hundreds of stale rooms cluttering your dashboard. You can ask Claude to list all rooms inactive for 90 days, filter by participant count, then bulk-archive them. Or replay a thread of comments to understand why a user reported a confusing conversation flow. The presence endpoints let you pull live user state into reports or alerts without touching the web UI. The workflow that sold me: auditing comment threads across rooms. I asked Claude to fetch all threads in a specific room, summarise the unresolved ones, and flag threads with no activity in two weeks. It surfaced three abandoned feature requests I'd missed. That kind of ad-hoc query would've meant writing a Node script, authenticating, paginating results, then formatting output. Here it's a single prompt. Quirks: you need a Liveblocks secret key, so this is for teams already running Liveblocks in production. It won't help you if you're evaluating the platform or building a prototype. The server doesn't create or update rooms or comments, only reads and deletes. That's sensible for an MCP, but if you expect full CRUD, you'll hit a wall. Also, presence data is read-only, so you can't simulate user states for testing. Skip this if you're not already a Liveblocks customer. If you are, and you've ever wished you could interrogate your collaboration layer without opening the dashboard or writing a script, install it.
Verdict

If you're running Liveblocks in production, this is a no-brainer for auditing, housekeeping, and debugging collaborative state. Everyone else can ignore it. The read-heavy API is a feature, not a bug, but expect to write code if you need mutations beyond deletion.

Good at

  • Official vendor support means it tracks Liveblocks API changes without lag.
  • Threaded comment inspection is genuinely useful for debugging user-reported issues.
  • Bulk operations, like archiving stale rooms, save hours of manual clicking.
  • Read-only presence data is perfect for generating activity reports or monitoring dashboards.

Watch out

  • Useless unless you're already paying for Liveblocks in production.
  • No write operations for rooms or comments, only deletion, so you can't automate content updates.
  • Manual config required for hosts beyond Claude Desktop, no pre-packaged install.
  • Presence endpoints are read-only, so you can't mock user states for testing scenarios.

Use cases

  • Auditing rooms in a collaborative app
  • Replaying threaded comments
  • Bulk-archiving stale rooms
  • Syncing user presence into reports

Getting started

1. Grab your Liveblocks secret key from the dashboard under Project Settings > API Keys. 2. Add the server to your Claude Desktop config with `LIVEBLOCKS_SECRET_KEY` set as an environment variable. The repo README has the exact JSON snippet. 3. Restart Claude Desktop and confirm the server appears in your MCP list. 4. Test it by asking Claude to list all rooms in your project. You should see room IDs and metadata. 5. Watch out: the server can delete rooms and comments permanently. Treat it like you'd treat direct database access.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs