mcp
Provides a remote MCP server that lets an agent interact with Cloudflare’s APIs (up to thousands of endpoints) using a token-efficient Code Mode pattern. The agent searches Cloudflare’s spec server-side and then executes generated code that calls Cloudflare via an OAuth redirect flow or API token, returning results back to the agent.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses OAuth or API tokens; account tokens require Account Resources: Read. Explicitly disallows tokens with Client IP filtering, suggesting some auth-path limitations. No details provided on secret handling/logging, TLS requirements, or fine-grained permission/scopes management beyond Cloudflare token permissions. Security posture depends on the MCP server’s implementation of least privilege and safe handling of agent-supplied code.
⚡ Reliability
Best When
You want an agent to operate across many Cloudflare services while minimizing model context usage, and you can use OAuth or carefully-scoped API tokens.
Avoid When
You must support clients that require IP-filtered tokens (explicitly not supported) or you need predictable per-call rate limit behavior without any documentation on rate-limit headers.
Use Cases
- • Automate Cloudflare resource management (Workers, KV, R2, D1, Pages, DNS, etc.)
- • Admin/DevOps tasks like listing resources, creating/updating records and configurations
- • Build higher-level agent workflows that need broad Cloudflare API coverage without loading full OpenAPI schemas into the main model context
- • Run GraphQL Analytics queries via the same execute mechanism
Not For
- • Use cases requiring a standard REST SDK-only workflow without MCP/code-mode semantics
- • Environments that cannot use OAuth redirects or cannot securely manage long-lived API tokens
- • Workloads that require strict per-endpoint tool schemas without a code-execution abstraction (especially when codemode=false is undesired)
Interface
Authentication
OAuth is recommended and handled by redirect at the MCP server URL. API token support exists; for account tokens, the README requires the token include Account Resources: Read so the server can auto-detect account_id. Tokens with Client IP Address Filtering are not supported.
Pricing
No explicit pricing or rate-limit quotas are documented in the provided material; only relative token/context costs are discussed.
Agent Metadata
Known Gotchas
- ⚠ codemode=false registers ~2,500 endpoints as individual tools, significantly increasing token cost (~244k vs ~1k)
- ⚠ API tokens with Client IP Address Filtering are not supported
- ⚠ account_id may be required with user tokens; account tokens can auto-detect account_id but require Account Resources: Read
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.