New Relic MCP
MCP server for New Relic observability platform integration including NRQL queries, APM, alerts, synthetics, and entity management
Score Breakdown
Server Info
- Package
- newrelic-mcp
- Registry
- npm
- Repository
- cloudbring/newrelic-mcp
- Maintainer
- Community
- Category
- Developer Tools
- Tags
- observabilityapmmonitoring
- Last Scanned
- 7 Apr 2026
Findings
10 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio transport only. Uses a New Relic API key from environment variables. The server can start without credentials for tool discovery (Smithery compatibility) but validates credentials when tools are invoked. Account ID can be provided per-tool call via target_account_id parameter or set globally v... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
CRITICALDangerous execution surface: run_nrql_query accepts arbitrary NRQL queries
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICALDangerous execution surface: run_nerdgraph_query accepts arbitrary GraphQL queries/mutations that can modify New Relic configuration
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Permission Granularity
HIGH2 destructive operations not isolated
Admin/delete tools are mixed with regular operations and cannot be independently disabled.
Namespace admin tools separately for independent access control.
LLM Safety
MEDIUM1 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
MEDIUMOverlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Differentiate descriptions with unique use cases.
Data Exposure
MEDIUM3 list operations lack pagination
REST v2 tools (list_deployments_rest, list_apm_applications_rest, list_metric_names_for_host, get_metric_data_for_host, list_application_hosts) support page-based pagination with auto_paginate option. NerdGraph-based tools (list_alert_policies, list_apm_applications, list_synthetics_monitors) return all results without pagination. No field selection support.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by @cloudbring
No official vendor backing.
Seek vendor verification.
MEDIUM22 dependency vulnerabilities (13 high)
npm audit found 13 high severity CVEs.
Update vulnerable dependencies.
Tools
18 total| Name | Description | Risk |
|---|---|---|
| run_nrql_query | Execute NRQL queries against New Relic data to analyze metrics and events | read |
| list_apm_applications | List all APM applications in your New Relic account | read |
| search_entities | Search for entities in New Relic by name, type, or tags | read |
| get_entity_details | Get detailed information about a specific entity | read |
| list_alert_policies | List all alert policies in your New Relic account | read |
| list_open_incidents | List all open incidents in your New Relic account | read |
| acknowledge_incident | Acknowledge an open incident | write |
| list_synthetics_monitors | List all Synthetics monitors in your New Relic account | read |
| create_browser_monitor | Create a new browser-based Synthetics monitor | write |
| run_nerdgraph_query | Execute a custom NerdGraph GraphQL query | admin |
| create_deployment | Create a deployment marker for an APM application (REST v2). | write |
| list_deployments_rest | List deployments for an APM application (REST v2). | read |
| delete_deployment | Delete a deployment record (REST v2). Requires admin role permissions. | admin |
| list_apm_applications_rest | List APM applications via REST v2. | read |
| list_metric_names_for_host | List metric names and values for a specific application host (REST v2). | read |
| get_metric_data_for_host | Get metric timeslices for metrics on a host (REST v2). | read |
| list_application_hosts | List hosts for an APM application (REST v2). | read |
| get_account_details | Get New Relic account details | read |
Deploy New Relic MCP securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow