sora-mcp
Provides an MCP server (stdio for local clients and HTTP for remote clients) that wraps OpenAI Sora 2 video generation APIs. Exposes tools to create videos, check job status, list jobs with pagination, download/save completed videos, remix existing videos, and delete jobs/assets.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
HTTP mode is described as running on port 3000, but README does not document authentication/authorization, rate limiting, or TLS requirements. OpenAI API key is provided via environment variables for the server process; however, there is no explicit guarantee about how the server secures/avoids leaking that key to clients or logs. Dependencies listed (express, dotenv, zod, MCP SDK) suggest typical Node hygiene, but no lockfile/CVE information is provided to confirm low risk.
⚡ Reliability
Best When
You want to drive Sora 2 video generation through an MCP-capable desktop/IDE client (Claude Desktop, VS Code, Cursor) with local stdio transport or a locally-hosted HTTP transport for testing.
Avoid When
You need strong, documented auth/rate-limit guarantees for untrusted remote callers, or you require a standardized REST/OpenAPI surface with published error codes and retry semantics.
Use Cases
- • Generate videos from text prompts via an MCP client
- • Remix or iterate on previously generated videos using a new prompt
- • Monitor long-running video generation jobs (queued/processing/completed)
- • Batch manage generation jobs (list with pagination, delete)
- • Automate saving downloaded outputs to a local directory
Not For
- • Directly serving end-user video content on the public internet without additional hardening
- • Use as a secure multi-tenant service without access controls and rate limiting
- • Workflows that require a formal OpenAPI/SDK client library beyond MCP tooling
Interface
Authentication
No user/auth layer is described for the HTTP MCP server; the README indicates the OpenAI API key is provided via server environment variables.
Pricing
Project README does not describe pricing. Costs depend on OpenAI API usage for video generation/remixing.
Agent Metadata
Known Gotchas
- ⚠ Remote HTTP mode is network accessible; without explicit auth/rate-limit documentation, agents may unintentionally stress the service or expose the OpenAI key indirectly if misconfigured.
- ⚠ Job-based tools are asynchronous: agents should expect queued/processing states and poll get-video-status until completed.
- ⚠ download-video provides a curl command; agents should ensure they handle the returned command safely and avoid logging sensitive artifacts.
- ⚠ save-video auto-downloads to a default local directory; agents should confirm output_path/filename to prevent overwriting or writing to unexpected locations.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for sora-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.