Research · 2026-04-30
Nine of 101 most-installed MCP servers are archived — what the maintenance signal looks like in 2026
Of the 101 community Model Context Protocol servers we audited in April 2026, nine have been declared dead by their maintainers — the GitHub archived flag is set and no further commits are accepted. Eight of those nine are vendor-official: Azure (1,213 stars), Pydantic Logfire, Mem0, PostHog, E2B, Honeycomb, and two of Anthropic's own MCP scaffolders. They are still being installed. Four more have not been pushed to in 365+ days, and sixty of the 101 ship no SECURITY.md disclosure file at all. Every other axis of the SkillAudit rubric (security, permissions, credentials, compatibility, docs) grades the code that is in front of the engine; the maintenance axis is the only one that grades what is not happening, and it is the only axis that gets worse over time without anyone touching anything. This is what 2026's MCP supply-chain looks like when you grade the calendar instead of the AST. Buyer-side install-gate framework + author-side recovery checklist at the bottom.
Why maintenance is the only time-bomb axis
SkillAudit grades every Model Context Protocol server on six axes — security, permissions, credentials, maintenance, compatibility, and documentation. Five of the six grade the code that is in front of the engine right now. The sixth — maintenance — grades the absence of code that is not arriving. When we audit a repo, we read the GitHub API for three signals: the archived flag, the pushed_at timestamp, and the open-issue count. Each of those rolls up into a deduction against the maintenance axis, and the maintenance axis caps the overall grade just like any other axis (the methodology page documents the cap rules in full).
Here is the thing the maintenance axis catches that no static check ever will: a repo's score gets worse over time even if nobody changes a single line of code. A repo that scores 90 today on every code axis but has not been pushed to in 100 days will lose 10 points off maintenance in 80 days, and 30 points in 280 days, and become uninstallable under any reasonable install-gate policy in 365 days. The other five axes are static; this one is dynamic. It is also the axis that is hardest to game, because it requires actual ongoing engineering effort to keep — not a one-time fix you commit and forget.
That asymmetry is exactly what makes maintenance the killer feature of an install gate. A vendor can ship an A-grade MCP server today and be on the install shortlist next month; if they then archive the repo, the install gate catches that change at the next re-scan and removes the repo from the approved list automatically. Code-axis findings require manual root-cause work to fix; maintenance findings update themselves. The cost to the install-gate operator is one cron job every thirty days.
The remaining three sections name the four maintenance signals the engine fires on, with the corpus data behind each. None of the signals are subtle. Most of them are findings any developer could spot by clicking through to a repo and reading the sidebar. The reason the install gate exists is that every developer doing a manual install does not click through and read the sidebar — they install, the LLM uses the tool, the tool runs, and nobody knows the repo's status until something goes wrong. Codifying these signals into an automated gate is how teams scale past a single security engineer's bandwidth.
Signal 1 — Repository is archived
What the engine looks for
The strongest possible maintenance signal is the maintainer turning the repo's archived flag on in GitHub settings. It is not a soft signal — it is the maintainer publicly stating "this repo is dead, do not file issues, do not expect pull requests to be reviewed." When the engine sees archived: true, it deducts 30 points from the maintenance axis as a HIGH finding. That alone is sufficient to drop the overall grade out of A or B (because the overall grade is the floor of the worst axis).
Nine repos in the 101-corpus are archived. Eight of the nine are vendor-official — released under the org name of a public-facing company or platform — which makes the install signal especially asymmetric. Developers see "official Microsoft / PostHog / Pydantic / Honeycomb release" and reach for it. The archived flag is a single GitHub setting they have to specifically click through and notice.
| Repo | Stars | Days idle | Grade | Why archived (where stated) |
|---|---|---|---|---|
| Azure/azure-mcp | 1,213 | 76 | F | Functionality migrated to azure-tools/azure-mcp (separate repo) |
| GongRzhe/Gmail-MCP-Server | 1,098 | 260 | D | Community repo, no successor named |
| mem0ai/mem0-mcp | 645 | 30 | C | Functionality moved into the main mem0 SDK |
| modelcontextprotocol/create-python-server | 478 | 455 | F | Anthropic deprecated the scaffolder; reference moved to inline templates in the docs |
| e2b-dev/mcp-server | 393 | 7 | D | Replaced by integration directly inside E2B's main SDK |
| modelcontextprotocol/create-typescript-server | 171 | 514 | F | Anthropic deprecated the TS scaffolder; same reason as the Python one |
| pydantic/logfire-mcp | 160 | 31 | D | Functionality folded into the main logfire Python SDK |
| posthog/mcp | 143 | 94 | F | Marked deprecated; PostHog now ships its MCP-compatible surface inside posthog-node |
| honeycombio/honeycomb-mcp | 43 | 246 | F | Community-maintained Honeycomb integration; archived without successor |
The pattern is consistent: a vendor publishes an MCP server early in the supply-chain rush, then either folds the functionality into their main SDK or migrates to a separate repo and forgets to redirect installers from the old name. Five of the nine archived repos (Azure, Mem0, E2B, Pydantic Logfire, PostHog) have a documented successor — but the successor is in a different repo, under a different name, and the original GitHub URL still serves git clone + npm install with no warning. Until either the package registry surfaces the archived flag or the install tool actively refuses to install from archived repos, the installs will continue.
The two Anthropic scaffolders (create-python-server and create-typescript-server) are a special case worth naming directly. They are not runtime MCP servers — they are scaffolders for new MCP server projects, the equivalent of create-react-app. When developers in 2024 ran them to start a new project, the scaffolded code shape lived on inside hundreds of community repos. Both scaffolders have been archived for 455 and 514 days respectively, so they have not been updated to match the post-2024 protocol revisions, MCP specification updates, or the security patterns we documented in the anatomy post. Repos still being scaffolded from them today are inheriting outdated patterns.
The strongest argument against installing an archived repo is that vulnerability disclosure has nowhere to go. A SSRF or credential-echo finding lodged against any of these nine has no maintainer triage queue. The disclosure routes to a public GitHub issue (which the archived flag stops accepting), to a CVE database with no patch reference, or to a tweet thread that the original maintainer may not see. None of those produce a coordinated patch.
Signal 2 — No push to default branch in 365+ days
What the engine looks for
If the most recent push to the repo's default branch is more than 365 days old, the engine emits a HIGH (meta) finding and caps the maintenance axis at 40 — meaning even with otherwise-perfect code, the overall grade cannot exceed F. The threshold is the calibration the engine uses for "functionally archived even if not flagged." A year of no commits is enough time for the JavaScript ecosystem to ship two major Node versions, for the Python ecosystem to deprecate one minor version, for the MCP protocol itself to revise its tool-call schema (which it did between specification versions in 2025–2026), and for any number of dependency CVEs to land that the repo will never patch.
Four repos in the corpus pass this 365-day threshold:
| Repo | Days idle | Stars | Grade | Status |
|---|---|---|---|---|
| modelcontextprotocol/create-typescript-server | 514 | 171 | F | Also archived |
| anaisbetts/mcp-installer | 513 | 1,520 | F | Not archived but functionally so |
| modelcontextprotocol/create-python-server | 455 | 478 | F | Also archived |
| adhikasp/mcp-git-ingest | 452 | 306 | F | Not archived; community repo |
The standout case is anaisbetts/mcp-installer — 1,520 stars, 513 days since last push, and not archived. It is in the top 5% of the corpus by star count, well known as one of the early community MCP installers, and yet it has had no commits since the protocol specification revisions of 2025. The audit page calls out the production-source HIGH (meta) finding directly. A team installing it on the strength of its star count is installing a year-and-a-half-old codebase against a protocol that has moved twice since.
The 365-day cap is intentionally generous. It is not "ship a feature every month" — it is "ship one commit every fourteen months." Even slow-moving security-mature projects (the fetch-mcp repo at 42 days, ElevenLabs at 34 days, Box at 142 days, Vectara at 140 days) clear it comfortably. Repos that fail it are repos where no one is paying attention.
Signal 3 — Aging cliff (180–365 days)
What the engine looks for
The 180–365 day band is the engine's "aging cliff" — long enough that the repo has missed at least one protocol revision and several monthly dependency CVE cycles, but not long enough to be unambiguously dead. The cap takes the maintenance axis to 70 (cannot exceed C band), which usually drags the overall grade down to C or below depending on the code-axis findings.
Seven repos sit in this band:
| Repo | Days idle | Stars | Grade | Notes |
|---|---|---|---|---|
| hubspot/mcp-server | 363 | 4 | F | HubSpot vendor-official; effectively at the 365-day threshold |
| jerhadf/linear-mcp-server | 358 | 344 | C | Community Linear integration; one of the first MCP servers ever published |
| GongRzhe/Gmail-MCP-Server | 260 | 1,098 | D | Also archived (signal 1) — counted on both |
| runekaagaard/mcp-alchemy | 251 | 400 | C | Community SQLAlchemy integration |
| honeycombio/honeycomb-mcp | 246 | 43 | F | Also archived (signal 1) |
| chroma-core/chroma-mcp | 218 | 539 | C | Chroma vendor-official; aging but not deprecated |
| prisma/mcp | 199 | 41 | C | Prisma vendor-official; near the threshold |
The aging cliff is where the maintenance signal earns its keep as a distinct axis from security. Look at runekaagaard/mcp-alchemy — it scores 70 on every code axis (no SSRFs, no command-exec, narrow tool surface, env-var read once at startup, no credential echoes) and would be a B grade except for the 251-day push gap. The maintenance cap at 70 holds the overall grade at C. The code is fine; the calendar is not. An install-gate policy that ignored the maintenance axis would let this repo through despite the maintainer no longer being responsive to issues.
The linear-mcp-server case is similar but starker: 344 stars, 358 days since push, but still functionally working. A team installing it today has a 7-day window before the engine's HIGH (meta) finding fires and the grade drops to F. That window is the right install-time signal: if you are pulling a 358-day-old repo and you need it for a year, you should plan to fork it.
Days-since-push distribution across the 101-corpus
The corpus is bimodal. Fifty-six of 101 repos pushed within the past week (median 3 days). The active end of the distribution is healthy and well-maintained. The other half is the long tail: 13 repos in the 30–90 day range, 9 in the 90–180 day range, and the 11 repos over 180 days that this post calls out individually. There is no soft middle — repos either get touched constantly (median 3 days) or they slide toward archive status. That bimodality is itself a useful install-gate signal: a repo that has been at 100+ days idle is more likely to keep getting older than to suddenly resume active development.
Signal 4 — Triage backlog (open-issue count)
What the engine looks for
Open-issue count is the engine's softest maintenance signal. A high backlog is not by itself a fail — large active repos accumulate issues as a function of popularity, not neglect. FireCrawl at 104 open issues and FastAPI-MCP at 143 open issues are both A grades despite the WARN — the deduction is 10 points off maintenance, not enough to drop their letter band. The signal becomes interesting at the high end:
| Repo | Open issues | Stars | Grade | Notes |
|---|---|---|---|---|
| pydantic/pydantic-ai | 503 | 16,583 | C | Pydantic AI agent framework; large surface, mature codebase |
| awslabs/mcp | 467 | 8,858 | F | AWS multi-tool MCP collection; F grade is code-driven, backlog is a parallel concern |
| modelcontextprotocol/python-sdk | 442 | 22,747 | C | Anthropic's MCP Python SDK; foundational and high-traffic |
| modelcontextprotocol/servers | 386 | 84,406 | C | The flagship reference-implementation umbrella repo |
| github/github-mcp-server | 313 | 29,213 | C | GitHub vendor-official; very active issues board |
| modelcontextprotocol/typescript-sdk | 295 | 12,265 | B | The corpus's only B-grade; backlog reflects high external usage |
| modelcontextprotocol/java-sdk | 280 | 3,380 | C | Anthropic's Java SDK |
| sooperset/mcp-atlassian | 270 | 5,013 | F | Community Atlassian integration with code findings |
| Klavis-AI/klavis | 238 | 5,716 | F | Multi-tool MCP suite |
| jlowin/fastmcp | 224 | 24,813 | F | FastMCP framework; F grade driven by code findings, not backlog |
| googleapis/mcp-toolbox | 221 | 14,798 | C | Google vendor-official toolbox |
| modelcontextprotocol/inspector | 217 | 9,541 | F | The MCP Inspector tool; backlog plus code findings |
The right way to read this signal is alongside the days-since-push column. pydantic/pydantic-ai has 503 open issues and was pushed today — a healthy active repo with a large user base generating issues faster than the small core team can close them. Klavis-AI/klavis has 238 open issues and was last pushed today as well; same shape. Compare to a hypothetical "300 open issues, 200 days since push" repo: that profile would indicate triage abandonment, not load.
None of the 12 repos in this list have both a high backlog and a long push gap. The two failure modes are mutually exclusive in the corpus — high-backlog repos are still actively maintained, just under-resourced. The install-gate posture for this list is "tolerate, but log the backlog growth rate as part of your monthly re-scan." If the backlog is growing faster than the push cadence is closing it, that is a different signal — one no static engine can compute from a single point in time, but one a 30-day re-scan picks up by comparing snapshots.
Signal 5 (out-of-band) — No SECURITY.md disclosure file
What the engine looks for
The SECURITY.md gap is technically a docs-axis finding, not a maintenance-axis one — but it belongs in this post because it is the signal that determines what happens after a maintenance failure. When a repo without a SECURITY.md goes archived, or sits at 365+ days idle, or accumulates a stale backlog, and a vulnerability is discovered against it, the discoverer has nowhere to send the report. The next public action is whatever the discoverer chooses — a tweet, a public GitHub issue, a CVE filing — and the maintainer (if there still is one) finds out at the same time as the rest of the world.
Sixty of the 101 repos in our corpus ship no SECURITY.md. Across grade buckets:
| Grade | Total in band | Without SECURITY.md | Percentage |
|---|---|---|---|
| A | 19 | 16 | 84.2% |
| B | 1 | 0 | 0.0% |
| C | 38 | 16 | 42.1% |
| D | 6 | 5 | 83.3% |
| F | 37 | 23 | 62.2% |
The A-band number is the most counter-intuitive — sixteen of nineteen A-grade repos lack a SECURITY.md. That is the same statistic the anatomy post named: every other axis is clean for these repos, the docs axis is the one with a single 10-point deduction, and adding a 30-line file at repo root would lift sixteen of them from 90 to perfect 100. The three A-grade repos with a SECURITY.md are LangChain MCP adapters (100/100), Vectara (100/100), and Microsoft Playwright (90/100, capped by tests-tier execSync).
The C-band has the highest absolute count of repos with SECURITY.md (22 of 38) — these are largely vendor-official releases (Google, GitHub, Anthropic SDKs, Razorpay, Docker, JFrog) where the SECURITY.md is corporate boilerplate. The number is high because corporate process produces vulnerability-disclosure documentation regardless of code quality. The D and F bands have the lowest SECURITY.md rate because community / indie repos most often lack them.
For an install-gate operator, the SECURITY.md signal works best in combination with the maintenance signals above. A repo that is archived and has no SECURITY.md is the worst case — there is nowhere to report findings and no one to report them to. A repo that is actively maintained and has no SECURITY.md is a softer case — the disclosure can route to GitHub Issues, even if the path is suboptimal. The gate's policy sentence: "Reject any archived repo without a SECURITY.md unilaterally; manual-review any active repo without one if a HIGH security finding is open."
The four-signal install-gate framework
Combining the four maintenance signals plus the SECURITY.md signal gives a deterministic policy for an automated install gate. The first two signals are unilateral rejects; the last two route to manual review. Run this as a 30-day cron job over your team's MCP server install list:
- If
archived: true, reject. No exceptions. A repo that has publicly declared itself dead cannot fix anything that is found in it. The install can be replaced with the maintainer's named successor (5 of the 9 archived repos in our corpus have one) or with an A-grade alternative from the install shortlist. - If days-since-push > 365, reject. A year of no activity is the engine's "functionally archived" cutoff. The four 365+ repos in our corpus would all be rejected by this rule; one of them (anaisbetts/mcp-installer) is not officially archived but should be treated as if it were.
- If days-since-push 180–365, manual-review. The 70-cap maintenance axis means the overall grade is capped at C in this band; let the gate flag it for review and let a security engineer decide whether the repo's stability matters more than its maintenance velocity. For most use cases the answer is "fork it or pick a different repo"; for some pinned-dependency scenarios it is acceptable.
- If no SECURITY.md AND any HIGH security finding, manual-review. The combination is the worst case for vulnerability disclosure — a real finding with no place to report it. The reviewer should either find an alternative or work with the maintainer to add a SECURITY.md before the install is approved.
- Re-scan every 30 days. All four signals are time-dependent; the gate's value is in catching the day a repo flips from "active" to "archived" or "180 days idle" or "365 days idle." A monthly cron picks up these transitions before they propagate to production.
The full install-gate template — including the GitHub Action that gates new installs on the SkillAudit grade, the rollout calendar, and the four week-1 gotchas — is in the install-gate playbook post. This framework is the maintenance-axis counterpart: the playbook covers the code-axis policy, this post covers the calendar-axis policy.
Author checklist — how to keep your repo out of this list
- If the repo is archived, redirect installers. Set the GitHub repo description to "DEPRECATED — see
org/successor-repo" and add the same line to the README's first paragraph. Most package registries (npm, PyPI) will not stop installs from an archived GitHub repo, but the README banner means anyone clicking through sees the redirect. The five archived repos in our corpus that have a documented successor are doing this correctly; the four that do not should adopt it. - If the repo is at 90+ days idle, push something. A README typo fix, a dependency bump, an LICENSE-year update — anything that resets the push timestamp. The cost is minutes; the benefit is staying out of the 180-day WARN cliff and the 365-day HIGH cap. A repo that has nothing to commit because it is feature-complete is a healthy repo; the maintenance axis is asking you to demonstrate that by ongoing activity, not by a comment in the README that says "stable." Active maintenance shows up in the GitHub API; comments do not.
- Ship a SECURITY.md. 30 lines at repo root naming a disclosure email and a coordinated-disclosure timeline. Lifts the docs axis from 90 to 100 on its own. If 84% of A-grade repos in our corpus would be perfect 100s but for this single missing file, you are unlikely to be different. A starter template is two paragraphs (your disclosure email + a 90-day coordinated disclosure window); the rest is optional. The file's main job is to exist so the GitHub UI surfaces a "Report a vulnerability" button to anyone who finds something.
- Triage your backlog or document why you are not. A 100+ open-issue count is a soft signal but a real one. If the issues are duplicates and out-of-scope feature requests, close them with a one-line "won't fix, see CONTRIBUTING.md" — that closes the count and signals active triage. If they are real but you do not have time, pin a "maintenance status" issue at the top explaining the resourcing situation and what you will and will not work on. Either move drops the WARN finding once the count is below 100; both move re-establish the active-maintainer signal.
- Re-run the audit. SkillAudit re-scans on demand; once your fixes are in, request a fresh scan and the new grade reflects the current GitHub state. The maintenance axis updates immediately because it is point-in-time on the API call.
Buyer checklist — five clicks before you install
If you are picking which MCP servers to install this week and the repo is not in our 101-corpus, run these five checks in five minutes per repo:
- Is the GitHub archived banner showing? Top of the repo page, gray banner across the file list. If yes, find a different repo or use the maintainer's named successor.
- Click the "commits" tab. When was the most recent push? If it is > 365 days ago, treat as functionally archived. If it is 180–365 days ago, fork the repo before installing — you will need to maintain it yourself.
- Click the "issues" tab. How many open? If it is in the hundreds and the most recent push is > 90 days ago, the maintainer is no longer triaging — assume any disclosed vulnerability will not be patched.
- Look for SECURITY.md. If absent, plan to disclose any findings via your own GitHub fork or your security team's process. Do not assume the maintainer will see a public issue.
- Run a SkillAudit. The free tier covers public repos. The grade synthesizes all five signals plus the security / permissions / credentials / compatibility / docs axes into one letter band you can use in your install gate. Submit a repo to audit.
FAQ
Why grade maintenance at all? Isn't security what matters? Because the security axis grades a snapshot, and the snapshot ages. A repo that scores 90 on security today and is then archived will still score 90 on security in five years against the engine — but every CVE in its dependency tree, every protocol revision, every breaking change in the ecosystem will accumulate against it without remediation. The maintenance axis is the one that catches "code that was good last year and is now load-bearing legacy nobody owns." Grading code without grading the calendar is grading half the problem.
How is the 365-day threshold chosen? Calibration. We set the threshold at the point where a repo has missed (a) at least one Node major-version cycle, (b) one MCP protocol specification revision, and (c) approximately twelve monthly dependency-CVE waves. Above that point, the probability that the repo's installable state matches the world it was tested against drops sharply. We also tested 180-day and 540-day cutoffs against the corpus; 365 produced the cleanest signal-to-noise ratio (the 4 repos above it are unambiguously dead; the 7 in the 180–365 band correctly tag the "fork before installing" cases).
Will my repo be re-scanned automatically when I push? No — re-scans are on-demand, the same as the initial scan. The audit pages reflect the state of the repo at the commit hash named on the page. Click "request re-scan" on any audit page (or re-submit the GitHub URL on the home page) to re-run; the engine pulls the latest commit and re-renders. The grade typically updates within minutes.
What about repos that are intentionally feature-complete? They lose maintenance points the same as repos that are abandoned. The audit cannot distinguish "intentional stability" from "actual abandonment" — the GitHub API gives the same answer for both. The fix is to push something periodically (a README clarification, a dependency bump, a tag for a stable version) so the push timestamp stays current. A genuinely feature-complete repo can do this with one annual maintenance commit and stay clear of the 365-day cliff.
How does the maintenance axis interact with the surface-tier rubric? It does not. Surface tiering (production / installer / examples / benchmarks / scripts / test) applies only to the code-axes findings: security, permissions, credentials. Maintenance findings are tagged (meta) and deduct at full weight regardless of where in the source tree they would otherwise be — there is no "test-tier abandonment." The repo is either being maintained or it is not. See the methodology meta-checks section for the full rules.
What if the maintainer is on vacation? Or the project has a release schedule? Three months is a long vacation; the 90-day band's WARN finding is small (10 points off, no overall-grade effect) and disappears the moment the maintainer pushes again. The release-schedule case is a harder edge case for repos that publish quarterly — those will spend most of their time in the 30–90 day band, which the engine treats as healthy. Repos publishing on annual cycles will sit in the 180–365 day band; the install gate's 70-cap is the right policy for those (they are stable but slow-moving and a buyer should know that).
How does this list change in 30 days? If the install-gate's monthly re-scan rule is followed, the prediction is: 5 of the 9 archived repos will still be archived (the official-org ones), 1–2 of the 7 aging-cliff repos will cross into the 365+ band, and 2–3 new repos will join the 180–365 band as their push timestamps cross 180 days. The triage backlog list will shift slightly as issues get opened and closed. The SECURITY.md count is the slowest-moving — adding one is a 10-minute task and a 30-line file, but maintainers historically only do it when prompted by a finding. If the F-grades and anatomy posts succeed in prompting authors to ship them, the next-month re-count should drop.
Related reading
- Anatomy of an A-grade MCP server — five code patterns shared by the 19 — the code-axis counterpart to this post; the SECURITY.md statistic appears in both.
- 29 vendor-official MCP servers earned an F — every name, every file path — eight of the nine archived repos in this post overlap with the F-grade vendor list; this post's lens is "the maintainer stopped" while that post's lens is "the code is broken."
- Block 52 of 101 community MCP servers with one CI gate — the team-policy template that the four-signal framework above slots into. The install-gate playbook handles code findings; this post handles calendar findings.
- The MCP install shortlist — 19 community servers that earn an A — the buyer-side companion. Every repo on the shortlist passes all four maintenance signals plus the code axes.
- Engine v0.3 calibration delta — 22 grades moved when surface tiering shipped — the engineering record of the v0.3 calibration; surface tiering applies to code axes, not to maintenance.
- Methodology — meta-axis checks — the canonical rule documentation for maintenance and docs axes, including the cap thresholds.
- The public audit board — every grade in the 101-repo corpus, every finding linked.
Run the four-signal check against your team's MCP install list.
Submit a repo to audit → Read the methodology →