lc-mcp-server

Provides a Go-based MCP server (per repository description) and an included/related utility to extract LeetCode authentication cookies (LEETCODE_SESSION and csrftoken) via interactive Chrome automation using chromedp. It outputs shell-exportable environment variables and supports caching until cookies expire.

Evaluated Apr 04, 2026 (16d ago)

Repo ↗ Ai Ml go mcp authentication cookies chromedp browser-automation security-sensitive automation

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Authentication is performed by extracting and exporting highly sensitive session/CSRF cookies. While the README warns not to share/commit tokens, it also mentions debug output and environment-variable exports, which can increase leak risk if logs/shell history are not handled carefully. TLS and secure transport requirements for any exposed service are not described; no scope-based authorization model is present.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You need a one-time (or infrequent) interactive login to obtain cookies for a local/private client, and you can protect the resulting environment variables.

Avoid When

You cannot securely handle or isolate sensitive session/CSRF tokens, or you need a stable, documented public API contract for programmatic use by an agent.

Use Cases

• Bootstrapping a LeetCode API/scraper or client that requires authenticated cookie headers
• Automating the manual login step for local scripts/bots where OAuth is not available
• Developer convenience for reusing session/csrf values in a Go/automation workflow

Not For

• Production-grade botting/scraping at scale
• Scenarios where you cannot run/automate a real browser (chromedp/Chrome required)
• Use in multi-tenant or shared environments where extracted tokens could leak

Interface

REST API

GraphQL

gRPC

MCP Server

SDK

Webhooks

Authentication

Methods: LeetCode cookie-based session authentication via browser-extracted cookies (LEETCODE_SESSION, CSRF token)

OAuth: No Scopes: No

The README focuses on extracting and exporting cookie values for subsequent requests; it does not describe an OAuth flow, scopes, or token lifecycle management beyond cookie expiry.

Pricing

Free tier: No

Requires CC: No

No pricing information provided.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ This is not an HTTP/API contract with structured responses; it is browser automation and environment-variable export.
⚠ Authentication involves sensitive cookies; agents must avoid logging or persisting these values unsafely.
⚠ Cloudflare/LeetCode challenges may require human interaction; automation may fail without manual completion.
⚠ No visible rate-limit guidance or structured error codes are documented in the provided README.

Alternatives

Official LeetCode authentication mechanisms (if available for your use case) Community/official APIs for LeetCode data (if applicable) Generic cookie-auth helpers or headless browser automation frameworks with stricter operational controls

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for lc-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.