chore/1446-mcp-version-auditCloses #1446. Splits doctor check to #1462.
Maps OrchestKit's 8 .mcp.json servers against npm upstream latest, documents each primary consumer, assigns risk tier. Audit date: 2026-04-22.
@latest — no project-level pinning. Breaking upstream changes propagate silently on next npx -y fetch.| MCP | Package | Pin | Upstream | Published | Tier | Primary consumer |
|---|---|---|---|---|---|---|
| context7 | @upstash/context7-mcp | @latest | 2.1.8 | 2026-04-13 | MED | many skills |
| sequential-thinking | @modelcontextprotocol/server-sequential-thinking | — | 2025.12.18 | 2026-02-06 | LOW | chain-patterns, brainstorm |
| memory | @modelcontextprotocol/server-memory | — | 2026.1.26 | 2026-02-06 | LOW | 46 files |
| tavily | tavily-mcp | @latest | 0.2.18 | 2026-03-12 | MED | chain-patterns fallback |
| agentation | agentation-mcp | @latest (disabled) | 1.2.0 | 2026-02-15 | HIGH | ui-feedback, verify |
| 21st-dev-magic | @21st-dev/magic | @latest | 0.1.0 | 2025-12-23 | HIGH | component-search (optional) |
| fal | fal-ai-mcp | @latest | 0.2.1 | 2026-03-07 | MED | none in core |
| ork-elicit | local plugins/ork/mcp-server/server.mjs | n/a | n/a | repo-versioned | LOW | in-tree |
.mcp.json)| MCP | Upstream | Consumer |
|---|---|---|
| notebooklm-mcp | 1.2.1 (2025-12-27) | ork:release-sync (assumes user-level config in ~/.claude.json) |
.mcp.json (MEDIUM priority)@latest on HIGH-tier — split to #1462release-sync skill (LOW)Last audited header (LOW)for pkg in @upstash/context7-mcp @modelcontextprotocol/server-sequential-thinking \
@modelcontextprotocol/server-memory tavily-mcp agentation-mcp \
@21st-dev/magic fal-ai-mcp notebooklm-mcp; do
v=$(npm view "$pkg" version 2>/dev/null)
pub=$(npm view "$pkg" time.modified 2>/dev/null | head -1)
printf "%-50s %-15s %s\n" "$pkg" "$v" "$pub"
done
Full matrix lives at src/skills/mcp-patterns/references/mcp-version-matrix.md.