rf-mcp
rf-mcp (RobotMCP) provides an MCP server that bridges natural-language intentions to executable Robot Framework test suites, including step-wise execution. It also includes optional transports (STDIO/HTTP), a Django frontend dashboard, a plugin system for additional Robot Framework libraries, and an HTTP debug-attach bridge to reuse a live Robot Framework ExecutionContext during debugging.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The README documents an attach bridge token mechanism (X-MCP-Token) and indicates the bridge binds to localhost by default, which is a good isolation signal. However, the main MCP HTTP endpoint authentication is not described, and no rate limiting or request validation details are provided. Docker/HTTP examples suggest plain local deployments; TLS enforcement and secure-by-default guidance are not evidenced. Dependency hygiene cannot be fully verified from provided content; manifest shows several common libraries (FastMCP, Robot Framework ecosystem) without CVE/patch info.
⚡ Reliability
Best When
You already use Robot Framework and want an MCP-enabled bridge to generate/execute test suites interactively (especially during agent-assisted test authoring/debugging), optionally with a dashboard and/or debug attach.
Avoid When
You cannot run the MCP server in a controlled environment (network isolation/localhost binding, firewalling) or you need strong guarantees about how credentials and generated actions are handled.
Use Cases
- • Generate Robot Framework test suites from natural language prompts
- • Execute and iterate on tests step-by-step via an MCP client
- • Web UI automation test creation using Browser/Playwright or SeleniumLibrary
- • Mobile automation test creation using AppiumLibrary
- • API testing via Robot Framework RequestsLibrary
- • Database-driven testing via Robot Framework DataBaseLibrary
- • Maintain a visual/debug dashboard of active sessions and tool activity
- • Attach to a running Robot Framework debug session to reuse variables/imports/keyword search order
Not For
- • Security-sensitive environments where an agent-controlled HTTP/STDIO service cannot be isolated
- • Production automation without validation/sandboxing of generated tests and tool calls
- • Use cases requiring a documented, formal REST/GraphQL API beyond MCP
- • Organizations needing strict compliance documentation (not evidenced in provided content)
Interface
Authentication
The main MCP server authentication/authorization mechanisms are not described in the provided content. The debug attach bridge documents a shared token mechanism using the X-MCP-Token header; default token is noted as 'change-me' in examples (risk if not overridden).
Pricing
Open-source library (Apache-2.0 per manifest). Costs depend on runtime environment and any external LLM usage you integrate outside this package.
Agent Metadata
Known Gotchas
- ⚠ Generated tests can be stateful and non-idempotent; re-execution may repeat external side effects (web login/cart/checkout, etc.).
- ⚠ HTTP transport should be exposed carefully; no auth details for the MCP endpoint are provided in the README.
- ⚠ Debug attach bridge uses a shared token; default token values in examples should be changed to avoid unauthorized attachment.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for rf-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.