Model Context Protocol moderate risk

Growthbook

The GrowthBook MCP server allows LLM clients to interact with GrowthBook for feature flag management and experiment configuration, secured by an API key.

Connections & Capabilities

Connects To

GitHubTwitter

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
    "growthbook": {
      "command": "npx",
      "args": ["-y", "@growthbook/mcp"],
      "env": {
        "GB_API_KEY": "YOUR_API_KEY",
        "GB_API_URL": "YOUR_API_URL",
        "GB_APP_ORIGIN": "YOUR_APP_ORIGIN",
        "GB_USER": "YOUR_NAME"
      }
    }
  }
}

Exposed MCP Tools (4)

safe

get_experiment

Retrieves details about a specific GrowthBook experiment.

Read-only operation, no side effects.

moderate

create_feature_flag

Creates a new feature flag in GrowthBook.

Non-destructive write operation, but can impact application behavior.

high

update_feature_flag

Modifies an existing feature flag in GrowthBook.

Structural modification that can significantly alter application behavior.

safe

list_experiments

Lists all experiments in GrowthBook.

Read-only operation, no side effects.

Safety Assessment

The GrowthBook MCP server is relatively safe for read-only operations and controlled write operations. However, the risk of unauthorized modifications exists if the API key is compromised. Exercise caution when granting write access and monitor changes to feature flags.

Requires API key for authentication.
Capabilities are limited by the API key's permissions.
No direct code execution or shell access.
Primarily interacts with GrowthBook's API, not the underlying system.

Write operations are possible, potentially impacting feature flag configurations.
Exposure of API key could lead to unauthorized modifications.
Lack of sandboxing could lead to unintended consequences from misconfigured flags.
Email address is required, raising PII concerns.