mcp2cli
mcp2cli is a Python CLI that turns an MCP server, an OpenAPI spec, or a GraphQL endpoint into executable CLI subcommands at runtime (no codegen). It can list tools/operations, call them with arguments, supports OAuth, caching (for specs/tool lists), “bake mode” to save connection configs, and produces token-efficient output modes for LLMs (e.g., TOON).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses HTTPS URLs for remote endpoints by convention (TLS assumed via http client); supports OAuth flows and caching of tokens on disk. Secret handling includes env:/file: prefixes to avoid leaking secrets in process listings/CLI args. However, there is no explicit mention of secure token storage, redaction coverage, or rate limiting controls; MCP stdio mode runs local commands, increasing risk if inputs are untrusted.
⚡ Reliability
Best When
You want an agent to dynamically discover and call tools across MCP/OpenAPI/GraphQL without generating client code, and you benefit from token-efficient outputs and cached introspection.
Avoid When
You need a strongly governed SDK/typed client with strict compile-time contracts, or you cannot risk local command execution (for MCP stdio mode) or cannot store OAuth tokens/caches on disk.
Use Cases
- • Give an AI coding agent a discoverable command-line interface for an MCP server
- • Rapidly expose an OpenAPI API as a CLI for automation and agent tool-calling
- • Interact with GraphQL queries/mutations from the command line with auto-generated selection sets
- • Cache introspection results (specs/tool lists) to reduce repeated discovery latency
- • Wrap frequently used API connections as baked CLI tools
Not For
- • Production API security gateway (it is a client-side CLI, not a policy enforcement layer)
- • High-integrity environments requiring strict guarantees about idempotency or transaction semantics (depends on target API/tool)
- • Usage scenarios where you cannot safely run arbitrary stdio MCP server commands (mcp-stdio involves executing a command)
Interface
Authentication
OAuth tokens are persisted to ~/.cache/mcp2cli/oauth/ and refresh automatically; custom auth headers are supported. The README indicates secret support via env:/file: prefixes to reduce shell-argument exposure.
Pricing
Open-source CLI (MIT). No hosted pricing described.
Agent Metadata
Known Gotchas
- ⚠ When using MCP stdio mode (--mcp-stdio), the CLI executes a local command to start the MCP server; agents should avoid untrusted commands/parameters.
- ⚠ Subcommands are generated dynamically from discovered tools/operations; agents should run --list (or --search) before assuming availability/argument shapes.
- ⚠ OAuth token persistence and cache locations are local; agents should be aware of filesystem permissions and multi-user environments.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp2cli.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.