Skip to content
RuleSellBeta
Sign up
Back to blog

Anthropic Quietly Archived 13 Reference MCP Servers. Here's What Replaced Them.

/RuleSell Team

The official MCP servers repo used to ship 20 reference implementations. Now it ships 7. The Postgres replacement has a known SQL-injection bypass still in use. Here's the migration map.

The official Anthropic MCP servers repo — github.com/modelcontextprotocol/servers — once shipped 20 reference implementations. Today it ships 7. The other 13 were archived in 2025, with no fanfare and minimal migration guidance. If you installed the official Postgres MCP server before the archive, the replacement most people moved to has a known SQL injection bypass that is still in active use.

This is the migration map nobody published. Here is what got archived, what the actual replacement is, and where the security gotchas hide.

The current state of the official repo

The README on modelcontextprotocol/servers is short. The reference servers it still ships are:

  • Everything — protocol exerciser (testing tool, not for production)
  • Fetch — HTTP GET with content extraction
  • Filesystem — local file read/write
  • Git — repo operations
  • Memory — knowledge graph persistence
  • Sequential Thinking — chain-of-thought reasoning helper
  • Time — timezone math
That's it. Seven. The README explicitly says everything else has been archived — "we've removed reference servers that were better maintained by their respective communities." The list of archive removals, reconstructed from git history and community discussion, is 13 servers. Some of them were the most-installed MCPs in the ecosystem.

Here's the inventory.

The 13 archived servers — and what to install instead

1. Postgres — archived

What it was: @modelcontextprotocol/server-postgres, the reference SQL-over-MCP implementation. The problem: Known SQL injection bypass via transaction control. The query sanitization could be defeated with COMMIT; DROP TABLE users; -- style payloads, because the server allowed multi-statement execution. The CVE was filed, the issue was discussed, and Anthropic archived the server rather than maintaining the fix. The replacement most people use: crystaldba/postgres-mcp. Apache-2 license, actively maintained, used by thousands of developers. Critically, the crystaldba README explicitly documents that the original SQL injection vector is fixed in their fork — but only if you use their query mode, not their raw passthrough mode. The gotcha: Many tutorials still link to the archived Anthropic server. Glama and mcp.so both still list it as "available." If you npx @modelcontextprotocol/server-postgres, you are installing the archived version with the known vulnerability. Search your claude_desktop_config.json for server-postgres and verify which fork you're on. RuleSell recommendation: crystaldba in query mode, never raw-passthrough mode unless your database has read-only credentials.

2. GitHub — archived

What it was: The first MCP server most people installed. Read/write GitHub repos, issues, PRs. The replacement: github/github-mcp-server — GitHub's own official server, now maintained by Microsoft directly. Better OAuth flow, scoped tokens, fine-grained permissions. The gotcha: The archived Anthropic server used a flat personal-access-token. The new GitHub server requires either OAuth or a fine-grained PAT with explicit repo scopes. If you copy-paste your old config, the new server will reject the token format. The error message is unhelpful ("authentication failed") — the actual issue is scope. RuleSell recommendation: github/github-mcp-server with fine-grained PAT scoped per-repo. Never use a classic PAT.

3. Slack — archived

What it was: Read Slack messages, post to channels, list users. The replacement options: The gotcha: The two options have different security models. The official server requires admin approval at most enterprises. The korotovsky stealth mode bypasses that — which is useful for personal use and a fireable offense at a regulated company. Pick deliberately. RuleSell recommendation: Official Slack MCP for work accounts, korotovsky for personal Slack workspaces only.

4. Puppeteer — archived

What it was: Browser automation via Puppeteer. The replacement: microsoft/playwright-mcp — Microsoft's official, much better maintained, supports Chrome/Firefox/WebKit. The gotcha: Playwright MCP is heavier than Puppeteer MCP was. If you only need "navigate and screenshot," the resource overhead is real (200MB+ on disk for browser binaries). For lightweight cases, browserbase/mcp (remote-execution) is lighter. RuleSell recommendation: Playwright MCP for local work, Browserbase for production agents.

5. Google Drive — archived

What it was: Read Google Drive files. The replacement: taylorwilsdon/google_workspace_mcp — covers Drive, Gmail, Calendar, Sheets in one server. Or use Google's official Google Workspace remote MCPs (multiple — confusing). The gotcha: Google's official MCPs are per-service (Gmail MCP, Drive MCP, Calendar MCP) and require separate OAuth flows. The taylorwilsdon community version bundles them with one OAuth flow. The bundled approach is convenient but means a token leak exposes all services at once. Trade-off. RuleSell recommendation: taylorwilsdon for solo/small team, official Google remote MCPs for enterprise.

6. SQLite — archived

What it was: Local SQLite database access. The replacement: mcp-server-sqlite (community) — basically the same code path, maintained. The gotcha: Same shape as Postgres: multi-statement execution is dangerous if you connect to a database with write permissions. Default to read-only connections. RuleSell recommendation: Use with a read-only database file, never write-capable.

7. Brave Search — archived

What it was: Web search via Brave Search API. The replacement: brave/brave-search-mcp-server — Brave's own official maintained version. Same API, better-maintained. The gotcha: None major. Drop-in replacement.

8. Memory — kept

Still in the official repo. No migration needed.

9. Sequential Thinking — kept

Still in the official repo. No migration needed.

10. AWS KB Retrieval — archived

What it was: Knowledge base lookup for Amazon Bedrock. The replacement: awslabs/mcp — AWS Labs ships 60+ official MCP servers now, including a Bedrock KB retrieval one. Discoverability is genuinely bad — most users find 3-5 of the 60. Worth browsing the full list. The gotcha: Some AWS MCPs are remote-hosted (require AWS credentials) and some are local-run (require Bedrock IAM permissions). Confusing. RuleSell recommendation: Start with awslabs/mcp-server-aws-documentation for read-only research, expand from there.

11. EverArt — archived

What it was: AI image generation. The replacement: No direct replacement maintained at parity. Most teams moved to provider-specific MCPs (OpenAI image gen MCP, Replicate MCP, FAL.ai MCP) or skipped MCP entirely and called the image API directly. The gotcha: This is the one archived server with no clear successor. If you depended on EverArt, you're in fork-and-maintain territory.

12. Google Maps — archived

What it was: Geocoding and place search. The replacement: google-maps-mcp — community-maintained, works with a Maps API key. The gotcha: Google Maps API now requires a billing account even for the free tier. Setup is more painful than it was.

13. Sentry — kept by Sentry

What it was: Sentry error access. The replacement: Sentry's official remote MCP — runs at mcp.sentry.dev, OAuth-based, much better than the archived one. The gotcha: None major. Switch is clean.

The pattern

Look at the 13 archived servers. Eight of them were replaced by the vendor's own official MCP server (GitHub, Sentry, Slack, AWS, Google). Three were replaced by single-maintainer community forks (Postgres → crystaldba, SQLite → anaisbetts, Maps → cablate). One was replaced by a competitor's better version (Puppeteer → Microsoft Playwright). One has no clear replacement (EverArt).

The takeaway: Anthropic's reference implementations were placeholders. They existed to demonstrate the protocol, not to be production tools. Once vendors realized MCP mattered, they shipped their own — and Anthropic stepped back rather than compete with the people who actually own the underlying APIs.

This is healthy ecosystem behavior. It is also a migration map nobody wrote down.

The security ledger

Three of the archived servers had known security issues at the time of archive:

Postgres — SQL injection via transaction control. Still being exploited because the archived server is still installable from npm. Search HN for "postgres mcp injection" and you'll find people who hit it in March 2026. Filesystem — CVE-2025-53109 / CVE-2025-53110 ("EscapeRoute"). Path traversal vulnerabilities in the reference filesystem server. The official repo patched these in v0.6.0 in mid-2025. Anyone on v0.5.x or below is exposed. Our state-of-MCP-2026 piece covered the systemic version of this problem: 82% of MCP filesystem implementations had path traversal vulnerabilities, per a security survey. Brave Search — none directly, but archived servers in general have an authentication-rot problem. Tokens get committed to old configs, scopes drift, the original auth flow stops matching the current API. Brave's archived server worked fine the day it was archived. By six months later, the API endpoints had shifted and the auth headers needed updates that nobody made.

This is the structural problem with reference implementations: they exist to demonstrate, not to be maintained. Once Anthropic stopped maintaining them, the rot started immediately.

What to install today

If you're starting fresh in May 2026, here is the curated list of 13 "official-or-better" replacements for the 13 archived servers. We've verified each is actively maintained (commits in the last 90 days) and signed by either the vendor or a maintainer with a verifiable identity.

NeedInstall
Postgrescrystaldba/postgres-mcp (query mode)
GitHubgithub/github-mcp-server (official)
Slackdocs.slack.dev MCP (official) or korotovsky stealth (personal only)
Browser automationmicrosoft/playwright-mcp (official)
Google Workspacetaylorwilsdon/google_workspace_mcp
SQLiteanaisbetts/mcp-server-sqlite-npx
Brave Searchbrave/brave-search-mcp-server (official)
AWSawslabs/mcp (60+ official servers)
Image generationProvider SDK directly (no MCP successor)
Google Mapscablate/mcp-google-map
SentrySentry official remote MCP
MemoryOfficial modelcontextprotocol/servers Memory (still maintained)
Sequential ThinkingOfficial modelcontextprotocol/servers Sequential Thinking (still maintained)
For the seven still-shipped reference servers (Everything, Fetch, Filesystem, Git, Memory, Sequential Thinking, Time), you can keep installing the official version. They are actively maintained and patches ship.

Where this analysis fails

We did not personally audit each replacement's code. The "actively maintained, signed maintainer" criterion is heuristic — recent commits don't guarantee the code is secure. For production deployment, run static analysis on every MCP server you install, sandbox the process, and use the Anthropic MCP security best practices as your floor.

We also don't know if more reference servers will be archived. The trajectory is clear (Anthropic deprecates, vendors ship their own) but the timeline is not. If you build on a reference server today, assume it could be archived in 12 months.

The MCP ecosystem is genuinely young. The protocol itself is good. The maintenance story for community servers is brittle. Our state-of-MCP-2026 piece covered the systemic version of this. The archived-server map in this post is the version that matters today, for the people who installed the official MCPs and now need to migrate.

What this means for the MCP ecosystem

Three things, none of which are loud enough in the existing discourse.

1. There is no "official" MCP server for most things. The reference repo is now seven utilities. Everything else is community. The implicit trust signal that came with "this is from Anthropic" no longer exists for 80% of the MCPs people install. The trust layer has to come from somewhere else. 2. Per-vendor official MCPs are the new pattern. GitHub, Sentry, Slack, AWS, Google, Stripe, Notion, Linear all maintain their own. This is good. The downside: each one has its own auth flow, its own permission model, its own update cadence. The ecosystem is fragmenting into vendor silos that mirror the broader API ecosystem. 3. Aggregators matter more. When the reference repo had 20 servers, you went to Anthropic for the canonical list. When the reference repo has 7, you need to go somewhere. Glama lists 23,451 servers without curation. RuleSell exists to be the curation layer — verified, scanned, install-tested.

What to read next

Sources