openfoodfacts-mcp-server
Provides an MCP server for querying the Open Food Facts product dataset. It downloads/caches a Parquet product database and uses DuckDB for fast search, exposing MCP tools for brand/name lookup and barcode lookup. Supports local STDIO (Claude Desktop) mode without auth and remote HTTP mode with Bearer-token auth (except /health).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses Bearer token auth for the HTTP JSON-RPC MCP endpoint and states /health is unauthenticated. No evidence in provided README of per-user scopes, audit logs, or rate-limit controls. TLS requirements are not explicitly documented; for remote deployment, assume HTTPS should be configured at the server/proxy level. Secret handling is not described beyond an environment variable token, with no further details on logging/redaction.
⚡ Reliability
Best When
You want agent-callable, read-only product search over Open Food Facts with local dataset caching (fast queries) or a simple authenticated MCP-as-a-service deployment.
Avoid When
You need strict security/compliance guarantees around secrets, auditability, or per-tenant access control; or you need publicly accessible endpoints without auth beyond /health.
Use Cases
- Local Claude Desktop integration to search Open Food Facts products by brand and name
- Barcode lookups (UPC/EAN) via MCP tools
- Running OpenFoodFacts search as an internal/shared MCP service over HTTP JSON-RPC
- Building applications that need fast, local analytics-style querying over the Parquet product database via DuckDB
Not For
- Public unauthenticated deployment on the open internet
- Use as a general OpenFoodFacts API for arbitrary REST-style needs (it’s MCP-focused and limited to described tools)
- Scenarios requiring fine-grained per-user authorization/tenancy (auth appears to be a single shared bearer token)
Interface
Authentication
HTTP mode requires OPENFOODFACTS_MCP_TOKEN for the /mcp endpoint; /health is unauthenticated. Scopes/granularity are not described, suggesting a single shared token model.
Pricing
Open-source project; costs are mainly your infrastructure (dataset download/storage, compute for DuckDB queries).
Agent Metadata
Known Gotchas
- ⚠ Remote HTTP mode uses a single bearer token; agents must pass it reliably for /mcp calls.
- ⚠ STDIO mode has no auth but relies on local environment configuration (e.g., DATA_DIR, OPENFOODFACTS_MCP_TOKEN in the Claude Desktop config example).
- ⚠ Tool outputs may include many more fields than the simplified search tool returns; agents should choose the simplified tool to reduce response size/token usage.
Scores are editorial opinions as of 2026-04-04.