mcp-cli
mcpc (@apify/mcpc) is a universal CLI client for the Model Context Protocol (MCP) that exposes MCP server operations as intuitive shell commands, supports persistent sessions via a bridge process, and provides OAuth 2.1 (PKCE) and secure credential storage (OS keychain / fallback file). It can also output consistent JSON for scripting and includes a proxy mode for authenticated session access from AI “code mode” environments, with experimental x402 support for agentic payments.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README describes OAuth 2.1 with PKCE, secure credential storage using OS keychain with a documented fallback to a file store (mode 0600) for headless environments. It also supports Bearer tokens via --header stored securely in the OS keychain for the session. Rate limiting and transport-layer details beyond HTTPS defaults are not clearly specified in the provided excerpt.
⚡ Reliability
Best When
You need a CLI-first way to connect to MCP servers (stdio or streamable HTTP), maintain persistent sessions, and automate tool calls with machine-readable JSON and secure OAuth/Bearer auth handling.
Avoid When
You require a stable, documented REST/OpenAPI/SDK interface for MCP operations or strict guarantees about rate-limit behavior without server-specific context.
Use Cases
- • Inspecting MCP servers and listing tools/resources/prompts
- • Calling MCP tools from interactive shells or scripts
- • Integrating MCP into AI coding workflows via deterministic JSON output (code mode)
- • Maintaining stateful MCP sessions efficiently across repeated commands
- • Securely authenticating to OAuth-enabled MCP servers with PKCE and token refresh
- • Searching (grep) tools/resources/prompts across sessions for dynamic tool discovery
Not For
- • A general-purpose REST/GraphQL API wrapper for MCP outside CLI usage
- • Use as a standalone LLM/agent runtime (it explicitly “doesn’t use LLMs on its own”)
- • Environments that cannot support any form of secure credential storage (keychain or the documented file fallback)
Interface
Authentication
OAuth 2.1 + PKCE is documented as including discovery steps and automatic token refresh; Bearer tokens are stored securely for the session but not as reusable OAuth profiles. The README describes OS keychain storage with a fallback file store on headless environments.
Pricing
No pricing details in the provided content; x402 support is marked experimental as an agentic payments feature, not a pricing model for mcpc itself.
Agent Metadata
Known Gotchas
- ⚠ Key-value argument parsing uses := without spaces; spaces around := will break argument parsing.
- ⚠ JSON mode ( --json ) emits only JSON for most commands; it is not available for shell/login/help.
- ⚠ OAuth requires user-initiated login (browser open); mcpc won’t open the browser automatically.
- ⚠ Persistent sessions can become unauthorized/expired/crashed; agents should follow the documented recovery steps (login + restart/close as appropriate).
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-cli.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.