← Back to search

@upstash/context7-mcp

upstash MIT 55,680 stars Scanned 5h ago

MCP server for Context7

npm MCP Registry
C
66.1 / 100

Versions

1.0.0 latest
May 20, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 2

resolve-library-id
unchecked low

Resolves a package/product name to a Context7-compatible library ID and returns matching libraries. You MUST call this function before 'Query Documentation' tool to obtain a valid Context7-compatible library ID UNLESS the user explicitly provides a library ID in the format '/org/project' or '/org/project/version' in their query. Each result includes: - Library ID: Context7-compatible identifier (format: /org/project) - Name: Library or package name - Description: Short summary - Code Snippets: Number of available code examples - Source Reputation: Authority indicator (High, Medium, Low, or Unknown) - Benchmark Score: Quality indicator (100 is the highest score) - Versions: List of versions if available. Use one of those versions if the user provides a version in their query. The format of the version is /org/project/version. For best results, select libraries based on name match, source reputation, snippet coverage, benchmark score, and relevance to your use case. Selection Process: 1. Analyze the query to understand what library/package the user is looking for 2. Return the most relevant match based on: - Name similarity to the query (exact matches prioritized) - Description relevance to the query's intent - Documentation coverage (prioritize libraries with higher Code Snippet counts) - Source reputation (consider libraries with High or Medium reputation more authoritative) - Benchmark Score: Quality indicator (100 is the highest score) Response Format: - Return the selected library ID in a clearly marked section - Provide a brief explanation for why this library was chosen - If multiple good matches exist, acknowledge this but proceed with the most relevant one - If no good matches exist, clearly state this and suggest query refinements For ambiguous queries, request clarification before proceeding with a best-guess match. IMPORTANT: Do not call this tool more than 3 times per question. If you cannot find what you need after 3 calls, use the best result you have.

readOnlyHint true openWorldHint true idempotentHint true destructiveHint false
query-docs
unchecked low

Retrieves and queries up-to-date documentation and code examples from Context7 for any programming library or framework. You must call 'Resolve Context7 Library ID' tool first to obtain the exact Context7-compatible library ID required to use this tool, UNLESS the user explicitly provides a library ID in the format '/org/project' or '/org/project/version' in their query. Do not call this tool more than 3 times per question.

readOnlyHint true openWorldHint true idempotentHint true destructiveHint false

Permissions 4

network medium
Server uses network capabilities via: fetch(), http
filesystem low
Server uses filesystem capabilities via: fs sync ops
shell high
Server uses shell capabilities via: child_process, execSync(), spawn()
env_vars low
Server uses env_vars capabilities via: process.env

Scan Findings 34

info
package.json metadata manifest_parser · 100%
info
Tool: resolve-library-id manifest_parser · 85%
info
Tool: query-docs manifest_parser · 85%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (20) manifest_parser · 80%
info
Tool 'resolve-library-id' annotations are consistent annotation_checker · 80%
info
Tool 'query-docs' annotations are consistent annotation_checker · 80%
critical
Tool poisoning in 'resolve-library-id': Directive language: 'you must' poisoning · 85%
critical
Tool poisoning in 'query-docs': Directive language: 'you must' poisoning · 85%
medium
Permission: network access detected permission_analyzer · 80%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-2mjp-6q6p-2qxm) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-4992-7rv2-5pvq) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-9qxr-qj54-h672) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-c76h-2ccp-4975) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-cxrh-j4jr-qwg3) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-f269-vfmq-vjvj) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-g9mf-h72j-4rw9) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-m4v8-wqvr-p9f7) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-v9p9-hfj2-hcw8) dependency_analyzer · 95%
medium
Vulnerable dependency: undici@6.6.3 (GHSA-vrm6-8vpv-qv8q) dependency_analyzer · 95%
high
Generic API Key Assignment found in packages/tools-ai-sdk/src/agents/context7.ts secret_scanner · 75%
medium
Hex string literal (>50 chars) in packages/mcp/src/lib/encryption.ts:4 entropy_analyzer · 70%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 34 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%