Delv
CommunityAbandoned· 1.6y4.3by Anais Betts

MCP Installer

A meta-MCP that installs other MCPs from npm/PyPI on your behalf via natural language. Reduces config-file fiddling for new users.

View repo Homepage
C
Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer55
Permissions35
Supply chain75
Transparency70
Incidents100

MCP Installer is a meta-server by solo developer Anaisbetts that automates installation of other MCP servers through natural language commands. It executes shell commands (npm/pip), writes to filesystem (modifying Claude Desktop config files), and reads environment variables. The convenience is real but the security model is concerning: you're delegating package installation decisions to an LLM, which then runs arbitrary install scripts with your user privileges. The maintainer is active in the MCP community and the code is open source on npm, but this is fundamentally a tool that trades safety for convenience. A malicious or confused LLM prompt could install unvetted packages or misconfigure your system. The supply chain is standard npm, and there are no known incidents, but the permission surface is broad: shell execution plus config file writes means high blast radius if something goes wrong.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Installs npm packages — effectively arbitrary code execution. Treat as a trifecta even though only two axes are nominally true. Anything it installs inherits the agent's entire trust scope.

Green flags

  • Published on npm with standard package distribution
  • Open source with visible code on GitHub
  • Solves real UX pain point for non-technical users
  • Active in MCP community with responsive issue handling
  • No known security incidents or malicious behaviour

Red flags

  • Executes arbitrary npm/pip install commands based on LLM interpretation
  • Writes to Claude Desktop config files with potential for misconfiguration
  • Solo maintainer with moderate community presence, higher bus factor
  • Delegates security-critical installation decisions to AI without human review
  • Could install malicious packages if LLM is prompt-injected or confused

Permissions requested

Shell executeWrite filesRead filesRead envOutbound network
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @anaisbetts/mcp-installer

Review

MCP Installer is a meta-server that lets you install other MCP servers by asking Claude to do it, rather than editing JSON config files by hand. You tell Claude "install the Brave Search MCP" and it runs the npm or PyPI commands, updates your config, and prompts for any required environment variables. It's a quality-of-life tool for people who find the manual config dance tedious. I'd reach for this when setting up a fresh Claude Desktop instance or when onboarding non-technical users who want MCP features without learning JSON syntax. The workflow is genuinely faster: you ask for a server, Claude installs it, you paste in API keys when prompted, and you're done. No switching to a text editor, no hunting for the config file path, no syntax errors from trailing commas. The quirks are worth knowing. It only works with Claude Desktop right now, so if you're running MCPs in a custom host or via the CLI, you're back to manual config. It also assumes you're comfortable giving Claude permission to modify files on your system, which is a reasonable security consideration. The server relies on npm and PyPI being available in your PATH, so if your environment is locked down or uses non-standard package managers, you'll hit friction. The real win is discoverability. You can ask Claude "what MCPs are available for web search?" and it can suggest options, then install them on the spot. This turns MCP adoption from a documentation hunt into a conversation. For teams rolling out Claude Desktop to multiple machines, it's a time-saver. For solo developers who just want to try a new server without context-switching, it's pleasant. Who shouldn't bother: anyone running a single stable MCP setup, or developers who prefer explicit control over their config files. If you're already fluent in the manual process and rarely add new servers, this adds a dependency for marginal benefit. But if you're experimenting with MCPs regularly or helping others get started, it's worth the install.
Verdict

Install this if you add MCP servers often or help others set up Claude Desktop. It trades a small trust surface for a much faster onboarding loop. Skip it if you run one or two stable servers and prefer manual config control.

Good at

  • Eliminates manual JSON editing for adding new MCP servers, which is genuinely faster for frequent experimenters.
  • Prompts for environment variables in chat rather than requiring you to hunt down docs and edit config files.
  • Makes MCP discovery conversational, so you can ask Claude what's available and install it immediately.
  • Useful for onboarding teams or setting up multiple machines without repeating the same config steps.

Watch out

  • Only supports Claude Desktop, so custom hosts or CLI users still need manual config.
  • Requires npm or PyPI in your PATH, which may not suit locked-down or non-standard environments.
  • Gives Claude write access to your config file, which is a small but real security consideration.
  • Offers minimal benefit if you run a stable set of one or two MCPs and rarely add new ones.

Use cases

  • "Install the Brave Search MCP" via chat
  • Setting env vars without editing config files
  • Discovering MCPs through conversation
  • Onboarding a new Claude Desktop machine quickly

Getting started

1. Run `npx -y @anaisbetts/mcp-installer` to install the server. 2. Add it to your Claude Desktop config under `mcpServers` with the command `npx -y @anaisbetts/mcp-installer`. Restart Claude Desktop. 3. In a Claude chat, say "install the [name] MCP" and follow prompts for any required API keys or environment variables. 4. Verify by asking Claude to use a tool from the newly installed server. 5. Watch out: the installer modifies your config file directly, so keep a backup if you have a complex setup.

Works with

Claude Desktop

Similar MCPs