arcade-mcp
Arcade MCP Server Framework: a Python framework/CLI for creating Model Context Protocol (MCP) servers with an opinionated project template, a runtime (stdio or HTTP transport), and support for tool-level requirements like secrets and OAuth-based auth injected at runtime.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Secrets and OAuth tokens are described as injected into a server-side Context so LLMs/MCP clients cannot see them. Tool-level auth uses scopes (fine-grained). TLS for HTTPS HTTP transport is implied by an HTTP endpoint and doc reference to /docs; exact enforcement is not verifiable from provided content. Dependency hygiene appears decent from pinned versions in the manifest, but no CVE/security audit data is provided.
⚡ Reliability
Best When
You want to implement MCP tools in Python with consistent patterns for authentication, secrets, and deployment/transport to popular MCP clients.
Avoid When
You need a fully specified REST/OpenAPI service for web clients only, or you require a hosting-free, zero-ops managed offering.
Use Cases
- • Build custom MCP servers with Python quickly (generate a project template, implement @app.tool functions)
- • Expose agent tools over MCP for Claude Desktop/Cursor/VS Code via stdio or HTTP transport
- • Wrap third-party APIs (e.g., Reddit OAuth) as callable MCP tools with per-tool auth scopes
- • Manage sensitive credentials by requiring secrets that are injected into the tool context at runtime
Not For
- • A standalone hosted API service with managed endpoints (it’s a framework you run/deploy)
- • Replacing a general-purpose REST backend or database layer
- • Use where you cannot run code (it requires your server runtime)
Interface
Authentication
The README example shows tool-level auth configured with a provider object (Reddit with scopes) and secrets injected into a Context at runtime; clients/LLMs cannot directly view secrets/tokens.
Pricing
No pricing information in provided content; appears to be open-source framework.
Agent Metadata
Known Gotchas
- ⚠ Tool results may include provider/API errors (e.g., httpx response.raise_for_status()). Agents may need to handle error strings/HTTP-related exceptions surfaced by the server.
- ⚠ HTTP transport example notes that tools requiring auth/secrets may require deployment (arcade deploy / Developer Dashboard) rather than local HTTP usage, which can surprise local testing workflows.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for arcade-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.