How to add MCP Dashboards to Cursor
Render interactive charts, dashboards and KPI widgets directly inside your AI conversation. Paste the config into ~/.cursor/mcp.json and restart Cursor.
Last updated June 14, 2026 · 33★ · stdio · no auth
Cursor config for MCP Dashboards
claude mcp add dashboard -- npx -y mcp-dashboards --stdio{
"mcpServers": {
"mcp-dashboards": {
"command": "npx",
"args": [
"-y",
"mcp-dashboards",
"--stdio"
]
}
}
}Setup steps
- 1Open Cursor → Settings → MCP → Add new MCP server (or edit ~/.cursor/mcp.json directly).
- 2Paste the MCP Dashboards config below into the "mcpServers" object.
- 3Fill in placeholder secrets, then save.
- 4Cursor reloads MCP servers automatically — check Settings → MCP for a green status dot.
- 5Ask Cursor to use one of MCP Dashboards's tools to confirm it's connected.
Before you start
- Node.js 18+
- An MCP Apps-compatible client (Claude Desktop, Claude Web, VS Code + Copilot, Goose, Postman, or MCPJam) for inline rendering; other clients get a browser preview link
What MCP Dashboards can do in Cursor
render_pie_chartPie/donut chart for composition — 'what makes up the whole?'
render_bar_chartBar chart for comparison — vertical, horizontal, stacked, drill-down.
render_line_chartLine/area chart for trends — smooth curves, gradient fills, time series.
render_scatter_chartScatter chart for relationships — per-point labels, annotations, quadrants.
render_candlestick_chartCandlestick chart for finance — OHLC data with volume bars.
render_radar_chartRadar chart for multi-axis comparison — skills, scores, product attributes.
render_treemap_chartTreemap for hierarchy — nested rectangles sized by value.
render_sankey_chartSankey diagram for flow — money, users, or resources between stages.
Security
All processing happens locally; no data is collected or transmitted externally. External calls only happen when you explicitly provide a URL or preset (render_from_url / poll_http), and both refuse private, loopback, and link-local addresses (e.g. 192.168.*, 169.254.169.254) to block prompt-injection SSRF, plus per-host rate limiting. Credentials in env-var presets (POLL_PRESET_<NAME>_HEADERS) stay server-side. The browser preview server and optional HTTP transport bind to 127.0.0.1 by default; set MCP_HTTP_BIND_HOST=0.0.0.0 only on a trusted network. Chart HTML files live in the system temp folder and auto-delete after 7 days.
MCP Dashboards + Cursor FAQ
Where is the Cursor config file?
Cursor reads MCP servers from ~/.cursor/mcp.json. Paste the MCP Dashboards config there under the "mcpServers" key and restart the client.
Is MCP Dashboards safe to use with Cursor?
All processing happens locally; no data is collected or transmitted externally. External calls only happen when you explicitly provide a URL or preset (render_from_url / poll_http), and both refuse private, loopback, and link-local addresses (e.g. 192.168.*, 169.254.169.254) to block prompt-injection SSRF, plus per-host rate limiting. Credentials in env-var presets (POLL_PRESET_<NAME>_HEADERS) stay server-side. The browser preview server and optional HTTP transport bind to 127.0.0.1 by default; set MCP_HTTP_BIND_HOST=0.0.0.0 only on a trusted network. Chart HTML files live in the system temp folder and auto-delete after 7 days.
Which AI clients support inline rendering?
Any MCP Apps-compatible client: Claude Desktop, Claude Web, VS Code (GitHub Copilot), Goose, Postman, and MCPJam. ChatGPT support is rolling out. Clients without MCP Apps still get a clickable http://localhost preview link plus a persistent file:// HTML artifact for each chart.
Do I need an API key?
No. The server requires no auth and all processing is local. API keys are only needed if you configure server-side live-polling presets (POLL_PRESET_<NAME>_URL / _HEADERS) to poll authenticated APIs — those credentials stay in env vars and never appear in the conversation.
Is my data sent anywhere?
No data is collected, transmitted, or stored externally. The only outbound calls happen when you explicitly provide a URL or preset for render_from_url / poll_http, and those are SSRF-guarded against private/loopback/link-local addresses and rate-limited per host.