Index live · v1.3.0 · MAY 26 2026

21st.dev Magic

Official
by21st.dev

Create crafted UI components inspired by best design engineers.

stdioTypeScript
Listed official

Configuration

{
  "mcpServers": {
    "21st-dev": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-21st-dev"
      ]
    }
  }
}

Add this to your claude_desktop_config.json file.

Quick Stats

Trust LevelOfficial
Transportstdio
API KeyNot required
LanguageTypeScript
CategoryDesign & Creative
Visit Website

Author

2

21st.dev

Official

Tags

uicomponentsdesign-systemfrontend

AgenticSkills Audit

Automated framework checks. Deep code review tracked separately. Read the methodology →

1/2
1 of 2 automated checks passed
Audited May 11, 2026
Hosted endpoint
TLS-only (HTTPS) endpoint
Mitigates: Plaintext credential interceptionResponded 200 over HTTPS
Evidence
OAuth 2.1 metadata (RFC 9728)
Mitigates: Token mismanagement, audience confusionNo /.well-known/oauth-protected-resource (status 404)
Repo-level checks
SECURITY.md published
Mitigates: Coordinated disclosure pathHosted server — repo-level check not applicable
Commit in last 90 days
Mitigates: Maintainer abandonmentHosted server — no public commit log
≥2 active contributors
Mitigates: Bus-factor of oneHosted server — no public contributor list
CI pipeline configured
Mitigates: Code health regressionHosted server — no public CI
Dependency lockfile committed
Mitigates: Dependency confusionHosted server — repo-level check not applicable
Signed releases (npm provenance)
Mitigates: Supply-chain backdoorHosted server — supply chain via vendor
Software Bill of Materials (SBOM)
Mitigates: Audit trailHosted server — repo-level check not applicable
License declared
Mitigates: Legal ambiguityHosted server — vendor terms of service apply

Deep framework checks (OAuth 2.1 / PKCE implementation, input validation, sandboxing) require human source review and are tracked separately. This scorecard covers programmatically verifiable signals only.