Current time and IANA timezone conversion — the first-party MCP that tells an agent what time it actually is.
- Home
- Collections
- Best Read-Only MCPs
Best Read-Only MCPs
Read-only MCPs can inspect, query, and fetch — but they never write, post, or trigger side effects. That makes them the safest option for exploratory agent workflows, production databases, and anywhere a misfire would cost money or corrupt state.
read-onlyTop Read-Only MCPs ranked
Popularity-ordered. Click any card for install snippets, fact sheet, and trust signals.
Query and inspect MongoDB collections from Claude, Cursor, and VS Code.
Inspect keys, run commands, and debug Redis from an AI agent.
Inspect deployments, logs, and project state on Vercel from an AI agent.
Look up Terraform Registry providers and modules, and manage HCP Terraform workspaces from an AI agent.
Retrieve web pages and convert them to clean markdown.
Anthropic's reference Postgres MCP — archived July 2025 and superseded by Postgres MCP Pro or the Supabase MCP.
Official Plaid MCP — developer sandbox tooling and dashboard diagnostics, not a live bank-data connector.
Query ClickHouse and ClickHouse Cloud columnar warehouses from an AI agent.
Search indices, inspect mappings, and run queries against Elasticsearch from an AI agent.
Inject 1Password secrets into an AI agent's tool calls without exposing them in chat.
Inject secrets from Doppler into agent workflows without exposing values in chat.
Manage Bitbucket Cloud repos, pipelines, and pull requests from an AI agent.
Official Mapbox MCP — geocoding, directions, isochrones, search, and tiles across the Mapbox API surface.
Official Foursquare Places MCP — POI search, GeoTagging, and rich place metadata across 100M+ places.
Live SERP, keyword, backlink, and on-page SEO data for an AI agent.
Score npm, PyPI, Go, and Maven dependencies for supply-chain and vulnerability risk before an agent installs them.
Query Google Ads campaigns, metrics, and account performance with GAQL — Google's official MCP.
Inspect AWS resources, read CloudWatch logs, and audit IAM from an AI agent.
Query GA4 reports, funnels, and realtime data from an AI agent.
Triage errors, inspect traces, and query events from Sentry.
Search and read Google Drive files from an AI agent (archived reference implementation).
Run read-only MySQL queries and inspect schemas from an AI agent.
Real-time web search with privacy-focused results.
Up-to-date library docs pulled directly into your AI context.
Search, inspect, and run Hugging Face models and datasets from an agent.
Geocoding, place search, directions, and travel times from Google Maps.
Real-time and forecast weather data via the OpenWeatherMap API.
Inspect Figma designs, components, and variables from an agent.
Query Google BigQuery datasets from Claude, Cursor, and VS Code.
Self-hosted Git server — manage repos, issues, and PRs from an AI agent.
Inspect schemas and run SQL against a Snowflake account from an AI agent.
Official Fireflies remote MCP — query meeting transcripts, AI summaries, and action items via OAuth or API key.
Official Fathom remote MCP — access meeting recordings, transcripts, summaries, and webhooks from any MCP client.
Query Search Console clicks, impressions, and queries from an AI agent.
Manage Porkbun domains, DNS, DNSSEC, and SSL — read-only by default. Community MCP repository archived; Porkbun itself is unaffected.
Anthropic-verified Fellow Connector — query meeting notes, transcripts, action items, and calendar events from Claude.
FAQ: Read-Only
Why use a read-only MCP specifically?
Agents will sometimes call tools you didn't expect. For a production database or a paid API, you want the server itself to refuse mutations — not just your prompt asking it nicely. Read-only is a hard stop, not a soft hint.
Can I make any MCP read-only?
Partially. Many MCPs gate writes behind environment variables or credentials scopes. If the MCP exposes write tools but you hand it read-only credentials, the write calls will fail at the API layer — same outcome in practice.

