What just landed in the MCP ecosystem
This digest covers 10 MCP servers that recently surfaced across npm, PyPI, and GitHub. Scores below are derived from security, freshness, adoption, quality, and trust signals (0–100 scale). Use this as a triage sheet — not a ranking — since each server targets a very different workflow.
The 10 servers at a glance
| Server | Registry | Overall | Security | Freshness | Adoption | Quality | Trust | Risk |
|---|---|---|---|---|---|---|---|---|
@41px/mcp-xmind | npm | 84.6 | 100 | 100 | 48.1 | 100 | 50 | low |
@agentled/mcp-server | npm | 82.7 | 100 | 100 | 38.4 | 100 | 50 | medium |
@timeahead-mcp | pypi | 75.0 | 100 | 100 | 0.0 | 100 | 50 | medium |
@mcp-apps/azure-devops-mcp-server | npm | 60.6 | 100 | 30 | 35.5 | 60 | 50 | unknown |
rabbitmq-mcp | npm | 59.9 | 100 | 30 | 32.2 | 60 | 50 | unknown |
@soumyaprasadrana/maximo-mcp-server | npm | 59.6 | 100 | 30 | 30.6 | 60 | 50 | medium |
discogs-mcp-server | npm | 58.1 | 100 | 30 | 23.2 | 60 | 50 | medium |
@swarmfeed/mcp-server | npm | 56.7 | 100 | 30 | 15.9 | 60 | 50 | low |
semble | github | 49.5 | 100 | 30 | 0.0 | 20 | 50 | unknown |
radar | github | 49.5 | 100 | 30 | 0.0 | 20 | 50 | unknown |
Highlights
@41px/mcp-xmind (npm, score 84.6)
An MCP server for XMind mind maps with 8 tools exposed. Reads the filesystem (no writes), no network calls, MIT-style license present, last commit 99 days ago. The highest-scoring drop in this batch and the only one with meaningful GitHub traction (71 stars).
npx @41px/mcp-xmind@agentled/mcp-server (npm, score 82.7)
Agentled's workflow orchestration server bundles 40 tools and claims 100+ integrations with long-term memory. Pure network-call surface (no filesystem). Active — last commit 0 days ago — and pulling 835 weekly downloads already.
npx @agentled/mcp-server@timeahead-mcp (pypi, score 75.0)
The first PyPI MCP server in this batch. Freshly committed, licensed, has CI passing, but adoption is at zero — only 103 weekly downloads and no stars yet. A clean candidate to watch.
pip install timeahead-mcp@mcp-apps/azure-devops-mcp-server (npm, score 60.6)
Azure DevOps integration via MCP. Solid weekly download count (1,033 — the highest in the batch) but freshness is low and most quality signals are unverified. No GitHub URL provided, which limits supply-chain inspection.
npx @mcp-apps/azure-devops-mcp-serverrabbitmq-mcp (npm, score 59.9)
A RabbitMQ bridge for MCP clients. Licensed, 302 weekly downloads, but freshness and tool metadata are unknown. Risk class is unknown — review the source before wiring it to a production broker.
npx rabbitmq-mcp@soumyaprasadrana/maximo-mcp-server (npm, score 59.6)
Enterprise IBM Maximo integration with metadata-aware query building. Security flag: 1 secret was found in the repository — audit and rotate before installing. Reads and writes the filesystem, last commit 12 days ago.
npx @soumyaprasadrana/maximo-mcp-serverdiscogs-mcp-server (npm, score 58.1)
Discogs catalog access via MCP. Touches filesystem (read+write) and makes network calls — broad surface area for a record-database client. Freshness data is missing; treat as a hobbyist tool.
npx discogs-mcp-server@swarmfeed/mcp-server (npm, score 56.7)
Server for SwarmFeed, billed as a social platform for AI agents. Reports 0 tools, no filesystem access, no network calls — verify the package actually exposes MCP capabilities before depending on it. Low risk class, but only 14 weekly downloads.
npx @swarmfeed/mcp-serversemble (github, score 49.5)
Code-search server from MinishLab claiming ~98% fewer tokens than grep+read. Promising premise, but no license, no published package, and unknown risk class. Clone-only install.
# clone from https://github.com/MinishLab/sembleradar (github, score 49.5)
Kubernetes visibility — topology, event timeline, traffic, plus Helm management. Security flag: 3 secrets found in the repository. No license either. Do not point this at a real cluster until the secrets are removed and licensing is clarified.
# clone from https://github.com/skyhook-io/radarSecurity & risk
Two servers in this batch tripped the secrets scanner:
- radar — 3 secrets found, no license, unknown risk class. Highest concern in the batch.
- @soumyaprasadrana/maximo-mcp-server — 1 secret found, medium risk. Targets enterprise IBM Maximo deployments, so the blast radius is significant.
Eight servers reported zero secrets and a perfect 100 security score, but six of them carry an unknown or medium risk class because tool surface, filesystem, and network behavior could not be fully analyzed. Trust score is 50 across the board — none of these publishers are established yet.
Adoption & activity
Adoption is genuinely thin across this cohort. Weekly downloads:
@mcp-apps/azure-devops-mcp-server— 1,033/wk (highest)@agentled/mcp-server— 835/wk@41px/mcp-xmind— 305/wk (and 71 stars — the only server with real GitHub traction)rabbitmq-mcp— 302/wkdiscogs-mcp-server— 132/wk@timeahead-mcp— 103/wk@soumyaprasadrana/maximo-mcp-server— 18/wk@swarmfeed/mcp-server— 14/wksemble,radar— 0 (GitHub-only, no registry distribution)
Commit recency: @agentled/mcp-server and @timeahead-mcp both committed today (0 days), @soumyaprasadrana/maximo-mcp-server at 12 days, @41px/mcp-xmind at 99 days. The remaining six did not report a last-commit timestamp.
Editor's Pick: @41px/mcp-xmind
Out of the 10 servers in this digest, @41px/mcp-xmind is the one we'd actually install today. It clears the bar on every dimension we can measure: 100 security, 100 freshness, 100 quality, low risk class, MIT license, 8 documented tools, zero secrets, zero filesystem writes, and zero network calls. With 71 GitHub stars and 305 weekly downloads it also has the strongest community signal in the batch.
Honorable mention to @agentled/mcp-server (score 82.7) for the most ambitious feature surface — 40 tools and active daily commits — though its medium risk class and network-only behavior mean you should sandbox it before granting credentials. Avoid radar until the 3 detected secrets are remediated and a license is added.