Five Model Context Protocol servers worth installing on any developer machine in 2026: filesystem (read and write local files), GitHub (issues, PRs, repositories), Postgres (SQL queries against your databases), claude-in-chrome (browser automation), and Sentry (production error context). MCP is the open standard Anthropic introduced for connecting AI assistants to external data sources and tools; an MCP server is a small process that exposes a typed set of tools the assistant can call. These five are the ones that turn Claude Code from "an assistant that can read code" into "an assistant that can actually do the job".
What makes an MCP server worth installing in 2026: it covers a job you do every day, the tool surface is small and clearly named, the authentication model is sensible, and it composes with other MCPs without stepping on them. The five below all meet those criteria and have been stable for at least a year.
Jump to:
- 1. filesystem — local file access
- 2. GitHub — issues, PRs, repositories
- 3. Postgres — SQL queries against your databases
- 4. claude-in-chrome — browser automation
- 5. Sentry — production error context
- Comparison table
- Security model: what each one can access
- FAQ
1. filesystem — local file access
The MCP server you install first and never uninstall. filesystem exposes a small, safe set of tools: read a file, write a file, list a directory, search within a directory tree, watch for changes. It scopes access to a configured allow-list of paths so the assistant cannot reach beyond directories you have explicitly opened.
Why it earns the top slot: every other workflow assumes file access. Writing a function, reading a config file, scanning a log, editing a markdown post — all of these need the assistant to see the actual bytes on disk rather than a copy you pasted into the chat. Without filesystem MCP, you spend half the conversation explaining what is in the file.
Install with npm install -g @modelcontextprotocol/server-filesystem and configure with the directories you want exposed. In ~/.config/claude-code/mcp.json you list each path; the assistant can read and write within those paths and nowhere else.
The security model is straightforward: anything in an allow-listed path is readable and writable by the assistant; nothing outside is reachable. For sensitive directories (~/.ssh, password manager exports, anything with credentials), simply do not allow-list them.
2. GitHub — issues, PRs, repositories
GitHub MCP exposes the public GitHub REST and GraphQL APIs through a typed set of tools: list issues, create a PR, leave a review comment, check workflow runs, query commit history. With a single GitHub personal access token the assistant can drive the parts of the GitHub workflow that take ten clicks each.
The use cases that actually pay off:
- Triaging incoming issues. "Read the last 20 issues on this repo, group them by likely cause, suggest labels." Ten minutes of human work, thirty seconds of MCP work.
- Drafting PRs from local changes. After you commit, the assistant can open the PR with a generated title, summary, and test plan derived from the actual diff.
- Code review. Point at a PR and the assistant fetches the diff and the conversation, then runs through your team's review checklist.
Install: the official @modelcontextprotocol/server-github package, plus a GitHub personal access token with the scopes your workflow needs. Read-only scopes if you only want diagnostics; repo scope if you want the assistant to open PRs.
Security: every action goes through your token, so it inherits your permissions. The MCP server itself does not have privileges beyond the token. For a team setup, give it a service-account token rather than your personal one.
3. Postgres — SQL queries against your databases
Postgres MCP gives the assistant typed access to your Postgres databases: list schemas, describe tables, run SELECT queries, optionally run DML. The schema introspection is the headline feature — the assistant sees your actual table structure and writes queries against the real columns rather than guessing.
Where this is transformative: any "explain my data" question, any one-off report ("how many users signed up via Google OAuth last month broken down by plan tier"), any data sanity check before a deploy. The assistant writes the SQL, runs it, summarises the result, and shows you the query alongside the output so you can verify it did what you wanted.
For MySQL, an equivalent MCP server exists under @modelcontextprotocol/server-mysql. Same shape, same workflow, different driver. SQLite has its own server for local dev databases. If you work across multiple database engines, install all three — they coexist.
Configure with a read-only database role for safety. The assistant's SELECT queries do not need write permissions, and a read-only role gives you a hard guarantee against an accidental UPDATE. If you want DML access for the assistant, scope it to a non-production database first.
For the SQL syntax the assistant will be writing, the MySQL Cheat Sheet and the deeper how-tos like how to find duplicate rows in MySQL cover the patterns you will see most often.
4. claude-in-chrome — browser automation
claude-in-chrome (and its sibling Playwright MCP) gives the assistant a real Chrome browser to drive. Open a URL, take an accessibility-tree snapshot, click elements by their reference IDs, fill forms, capture console messages and network requests, screenshot specific elements.
The killer use cases:
- Reproduce production bugs. Paste the URL from the user-submitted ticket; the assistant clicks through the flow and captures the exact failing console message.
- End-to-end testing during development. After changing a checkout flow, the assistant tests it against the dev server before you do.
- Visual regression. Screenshot a component, change a CSS variable, screenshot again, diff.
- Scraping when permitted. Authoritative product data from your own site, your own dashboards, your own admin tools.
The accessibility-tree snapshot is the smart part. Raw HTML is enormous and full of noise; the accessibility tree is a fraction of the size and lists exactly the interactive elements with stable reference IDs. Tool calls reference e123 rather than fragile CSS selectors.
Install via the Anthropic Chrome extension plus the local MCP server, or via the Playwright-based server for scripted use. Authentication for protected sites uses your browser session, so the assistant inherits the same access you have when logged in.
5. Sentry — production error context
Sentry MCP exposes your production error tracking: list recent issues, read stack traces, group by frequency, get the affected user count, fetch the breadcrumbs leading up to a crash. When you wake up to a 3 a.m. alert, you can describe the symptom and the assistant pulls the actual error data without you opening the dashboard.
The pattern: paste an error ID into the chat. The assistant fetches the full stack, the breadcrumbs, the affected releases, and any related issues, then proposes a root cause and a fix. Combined with the filesystem MCP for the source code and the GitHub MCP for the PR creation, this turns "investigate a Sentry alert" into a 10-minute end-to-end workflow.
Other observability MCPs in the same niche: Datadog, Honeycomb, Grafana Cloud. Pick whichever matches your stack. The interaction pattern is the same — the assistant queries the observability tool for context, then proposes action.
Configure with a read-only Sentry API key scoped to the project. The MCP server only needs read access; the fixes happen through GitHub MCP or filesystem MCP.
Comparison table
| MCP server | Primary capability | Best for | Install |
|---|---|---|---|
| filesystem | Read/write local files | Every workflow that touches code | @modelcontextprotocol/server-filesystem |
| GitHub | Issues, PRs, repos via API | Issue triage, PR drafting, code review | @modelcontextprotocol/server-github + token |
| Postgres | SQL queries with schema introspection | Data questions, sanity checks, reports | @modelcontextprotocol/server-postgres + RO role |
| claude-in-chrome | Browser automation + snapshot | Bug repro, e2e tests, visual regression | Chrome extension + local MCP |
| Sentry | Production error context | Incident response, root-cause analysis | @modelcontextprotocol/server-sentry + RO API key |
Security model: what each one can access
Every MCP server inherits exactly the credentials you give it and nothing more. The assistant cannot escalate beyond what the underlying API or filesystem permissions allow. Practical implications:
- filesystem: scope to project directories. Never allow-list
~/.ssh,~/.aws, or anywhere a credentials file might live. - GitHub: use a personal access token with the minimum scopes needed. Read-only is fine for diagnostics; reserve write scopes for the workflows that actually need them.
- Postgres: use a read-only database role unless you have a specific reason for write access. Run the MCP against a replica if you have one.
- claude-in-chrome: inherits your browser session for any logged-in site. Treat it like giving someone temporary screen-share access to your browser.
- Sentry: read-only API key scoped to the project you want diagnosed. Sentry's own permission model gates everything from there.
Always review the tool descriptions exposed by each MCP server before granting access. A well-designed MCP exposes only the operations needed; if a server exposes a "run arbitrary SQL" tool to a production database, that is a smell.
What to do next
For the workflow-side companions to these MCP servers, the matching Claude Code skills layer the higher-level intent on top:
- Top 5 Claude Code Skills Every Developer Should Install in 2026 covers the slash-command skills (impeccable, playwright-cli, gsd, seo-content, banana) that compose with these MCP servers.
For the regex-pattern and SQL-syntax references the assistant will reach for when using filesystem or Postgres MCPs:
- Regex Cheat Sheet for the pattern syntax across JavaScript, Python, PHP, Go, Java, and PCRE.
- MySQL Cheat Sheet for the SQL syntax the Postgres MCP equivalent will be writing.
External reference: the Model Context Protocol specification is the open standard for these tools. Anthropic's official MCP server catalog lists every server that ships from the protocol authors.
