Is Meta Mcp safe to use?

Meta Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Meta Mcp?

Meta Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Meta Mcp?

Meta Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Meta Mcp actively maintained?

Meta Mcp is recently maintained — last commit was 66 days ago. It has 179 GitHub stars.

Meta Mcp

Name: Meta Mcp
Author: brijr

meta-ads-mcp · by brijr

MCP Server for connecting to the Meta Marketing API

179 984/wk 0 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 66d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "meta-ads": {
      "env": {
        "META_ACCESS_TOKEN": "your_access_token_here"
      },
      "args": [
        "-y",
        "meta-ads-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/meta-mcp)](https://mcppedia.org/s/meta-mcp)

Read me

What Meta Mcp does

A comprehensive Model Context Protocol (MCP) server that enables AI assistants like Claude to interact with Facebook/Instagram advertising data through the Meta Marketing API. This server provides full campaign lifecycle management, analytics, audience targeting, and creative optimization capabilities.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

58/100across 5 weighted dimensions

How we score →

0255075100

−42

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked meta-ads-mcp against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Meta Mcp safe to use?: Meta Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Meta Mcp?: Meta Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Meta Mcp?: Meta Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Meta Mcp actively maintained?: Meta Mcp is recently maintained — last commit was 66 days ago. It has 179 GitHub stars.

Similar servers

Others in marketing

View all →

Mcp Server Typescript94

DataForSEO API modelcontextprotocol server

206 9

Wechatsync92

一键同步文章到多个内容平台，支持今日头条、WordPress、知乎、简书、掘金、CSDN、typecho各大平台，一次发布，多平台同步发布。解放个人生产力

5.6k 5

io.github.peturgeorgievv-factory/postfast-mcp91

MCP server for the PostFast API — schedule and manage social media posts via AI tools

1 11

io.github.mharnett/google-ads89

Google Ads MCP with MCC support: 35 tools for campaigns, keywords, reporting, GAQL.

MCP Security Weekly

Get CVE alerts and security updates for Meta Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "meta-ads": {
      "env": {
        "META_ACCESS_TOKEN": "your_access_token_here"
      },
      "args": [
        "-y",
        "meta-ads-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/meta-mcp)](https://mcppedia.org/s/meta-mcp)

Read me

What Meta Mcp does

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

Meta Ads MCP Server

A Cloudflare Workers MCP server for Meta Ads account setup, campaign management, ad sets, creatives, audiences, reporting, and batch workflows.

This repo is built on xmcp and exposes a Streamable HTTP MCP endpoint plus browser-facing Meta OAuth routes.

Open Source / Self-Hosted

This repository is intended to be deployed in your own Cloudflare account with your own Meta app credentials.

It does not ship with:

a hosted control plane
a shared Meta app
a built-in end-user dashboard
a JWT issuer for your users and workspaces

You bring:

your Cloudflare Worker deployment
your Meta developer app
your JWT issuer or auth provider
your own UI or backend that initiates the OAuth flow

What It Does

Runs as a Cloudflare Worker
Uses direct Meta Graph API fetch calls instead of the Meta SDK
Stores Meta user connections per workspace in D1
Stores short-lived OAuth state in KV
Encrypts stored Meta access tokens
Protects MCP requests with your app-issued JWTs

Endpoints

GET /health
GET /app
POST /mcp
GET /oauth/meta/start
GET /oauth/meta/callback

Auth Model

This server is multi-tenant. Every MCP request must include a bearer JWT issued by your app.

If you are open-sourcing this project, the important implication is that consumers must wire it into their own auth system. The server does not know how to identify a user or workspace without that JWT.

Required JWT claims:

sub or userId
workspaceId
optional roles

Example payload:

{
  "sub": "user_123",
  "workspaceId": "workspace_abc",
  "roles": ["admin"]
}

Why /oauth/meta/start is not a generic public link:

the server must know which workspace the Meta account should be attached to
that workspace context comes from the JWT
without it, the server cannot safely bind the resulting Meta token

Tool Surface

Implemented tool families:

Account and setup
Campaign management
Ad set management
Creative and ads
Audience and targeting
Reporting and insights
Batch helpers

The server currently registers 39 tools.

Project Layout

src/tools tool definitions grouped by domain
src/lib auth, storage, OAuth, runtime, and Meta client helpers
src/services domain-specific Meta service logic
src/middleware.ts OAuth routing and MCP JWT auth
cloudflare-entry.mjs Worker wrapper entry for Cloudflare-specific route interception
schema.sql D1 schema
test unit and contract-style tests

Local Development

Install dependencies:

pnpm install

Run local dev:

pnpm dev

Useful scripts:

pnpm build
pnpm test
pnpm deploy

Cloudflare Bindings

Required bindings:

D1 database bound as META_DB
KV namespace bound as META_OAUTH_STATE

Required secrets:

JWT_SECRET or JWT_JWKS_URL
META_APP_ID
META_APP_SECRET
META_TOKEN_ENCRYPTION_KEY
APP_UI_PASSWORD for the built-in admin page at /app

Optional configuration:

JWT_ISSUER
JWT_AUDIENCE
APP_SESSION_SECRET
APP_UI_WORKSPACE_ID
APP_UI_USER_ID
META_REDIRECT_URI
META_GRAPH_VERSION
META_OAUTH_SCOPES
META_OAUTH_ALLOWED_RETURN_ORIGINS

Defaults:

META_GRAPH_VERSION=v25.0
META_OAUTH_SCOPES=ads_management,business_management
APP_UI_WORKSPACE_ID=workspace_admin
APP_UI_USER_ID=app_admin

Built-In Admin UI

The Worker now includes a small browser UI at /app.

What it does:

prompts for an admin password
starts the existing Meta OAuth flow without requiring you to manually mint a bearer JWT
shows whether a Meta account is connected for the admin workspace
loads accessible ad accounts using the same service logic as get_ad_accounts

Required setup:

Set APP_UI_PASSWORD on the Worker.
Make sure META_REDIRECT_URI matches your public host, for example:

https://meta-mcp.gestalt.xyz/oauth/meta/callback

Open:

https://meta-mcp.gestalt.xyz/app

Met

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

58/100across 5 weighted dimensions

How we score →

0255075100

−42

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked meta-ads-mcp against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Meta Mcp safe to use?: Meta Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Meta Mcp?: Meta Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Meta Mcp?: Meta Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Meta Mcp actively maintained?: Meta Mcp is recently maintained — last commit was 66 days ago. It has 179 GitHub stars.