Vercel MCP Server
Community MCP server for managing Vercel projects, deployments, domains, edge config, secrets, and infrastructure
Score Breakdown
Server Info
- Package
- vercel-mcp
- Registry
- npm
- Repository
- vercel-community/vercel-mcp
- Maintainer
- VercelVendor
- Category
- Cloud & Infrastructure
- Tags
- hostingdeploymentnextjs
- Last Scanned
- 7 Apr 2026
Findings
9 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Stdio-only transport. Uses a hardcoded DEFAULT_ACCESS_TOKEN constant in the source code (set to 'Your_Access_Token' placeholder). All API calls use Bearer token authentication against api.vercel.com. The token is expected to be configured as an environment variable or replaced in the source. No HTTP... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUMOnly 6 of 67 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
Permission Granularity
LOWTool descriptions lack resource scope
Descriptions don't specify what data types or resources they access.
Add resource type statements to descriptions.
LLM Safety
MEDIUM10 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
HIGHTool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
MEDIUMOverlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Differentiate descriptions with unique use cases.
Data Exposure
MEDIUM14 list operations lack pagination
No list operations implement pagination parameters despite using paginated Vercel API endpoints. list_projects, list_deployments, list_edge_configs, list_secrets, list_env, list_environments, list_webhooks, logdrain_list, etc. all return full responses without limit/offset. The list_projects tool does simplify response to essential fields (id, name, framework, latestDeployment) but this is hardcoded, not configurable. Full API responses returned for all other tools.
Add limit/offset or cursor-based pagination.
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by vercel-community
No official vendor backing.
Seek vendor verification.
Tools
67 total| Name | Description | Risk |
|---|---|---|
| list_projects | List all projects from Vercel. Commands: 'list projects', 'show projects', 'get projects', 'list all projects', 'show all projects', 'get all projects', 'list vercel projects', 'show my projects', 'list my projects', 'get my projects', 'retrieve projects', 'fetch projects', 'display projects', 'view projects' | read |
| create_project | Create a new project with the provided configuration | write |
| delete_project | Delete a project | admin |
| get_project_domain | Get project domains | read |
| update_project | Update project configuration | write |
| add_project_member | Add a member to a project | write |
| list_project_members | List project members | read |
| remove_project_member | Remove a project member | admin |
| request_project_transfer | Request transfer of project ownership | admin |
| accept_project_transfer | Accept a project transfer request | admin |
| list_deployments | List deployments for a project | read |
| create_deployment | Create a new deployment with all required data | write |
| get_deployment | Get deployment details | read |
| cancel_deployment | Cancel a running deployment | write |
| delete_deployment | Delete a deployment | admin |
| promote_deployment | Promote a deployment to production | write |
| get_deployment_events | Get deployment build events/logs | read |
| list_deployment_files | List files in a deployment | read |
| upload_deployment_files | Upload files for a deployment | write |
| get_deployment_file | Get a specific deployment file | read |
| pause_project | Pause a project | admin |
| get_promotion_aliases | Get promotion aliases for a project | read |
| update_deployment_integration | Update deployment integration configuration | write |
| create_edge_config | Create a new Edge Config | write |
| create_edge_config_token | Create a new Edge Config Token | write |
| list_edge_configs | List all Edge Configs | read |
| get_edge_config | Get Edge Config details | read |
| update_edge_config | Update an Edge Config | write |
| delete_edge_config | Delete an Edge Config | admin |
| list_edge_config_items | List Edge Config items | read |
| get_edge_config_item | Get a specific Edge Config item | read |
| update_edge_config_items | Batch update Edge Config items | write |
| get_edge_config_schema | Get Edge Config schema | read |
| update_edge_config_schema | Update Edge Config schema | write |
| delete_edge_config_schema | Delete Edge Config schema | admin |
| list_edge_config_tokens | List Edge Config tokens | read |
| get_edge_config_token | Get a specific Edge Config token | read |
| delete_edge_config_tokens | Delete Edge Config tokens | admin |
| list_edge_config_backups | List Edge Config backups | read |
| get_edge_config_backup | Get a specific Edge Config backup | read |
| create_secret | Create a new secret | write |
| update_secret_name | Change the name of a secret | write |
| delete_secret | Delete a secret | admin |
| get_secret | Get a secret by name or ID | read |
| list_secrets | List all secrets | read |
| add_env | Add environment variables to a project | write |
| update_env | Update an environment variable | write |
| delete_env | Delete an environment variable | write |
| get_env | Get an environment variable | read |
| list_env | List environment variables for a project | read |
| create_environment | Create a custom environment for a project | write |
| delete_environment | Delete a custom environment | admin |
| get_environment | Get environment details | read |
| list_environments | List environments for a project | read |
| update_environment | Update a custom environment | write |
| create_webhook | Create a webhook | write |
| delete_webhook | Delete a webhook | admin |
| list_webhooks | List webhooks | read |
| get_webhook | Get webhook details | read |
| logdrain_create | Create a log drain | write |
| logdrain_create_integration | Create a log drain integration | write |
| logdrain_delete | Delete a log drain | admin |
| logdrain_delete_integration | Delete a log drain integration | admin |
| logdrain_get | Get log drain details | read |
| logdrain_list | List log drains | read |
| logdrain_list_integration | List log drain integrations | read |
| send_web_vitals | Send web vitals data | write |
Deploy Vercel MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow