robotmcp-server
robotmcp-server is a modular Model Context Protocol (MCP) server (Python/FastAPI) that discovers/loads MCP tools from git submodules, exposes an MCP-compatible HTTP transport endpoint, and can secure access via OAuth 2.1 with Supabase-backed user/session handling. It also supports Cloudflare Tunnel access and provides CLI commands for module management and connectivity verification.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS is implied by HTTPS for the tunnel URL pattern, but the README does not explicitly state HTTP/TLS enforcement for the local server. OAuth 2.1 + PKCE and JWT validation via Supabase are strong indicators, but the README does not describe fine-grained scopes; it also mentions creator-only access. Dependency hygiene and secret handling practices (e.g., no-log guarantees) are not verifiable from provided text. Treat submodule auto-install/discovery as a supply-chain risk area; pinning, verification, and provenance controls are not described.
⚡ Reliability
Best When
You want a self-hosted, extensible MCP server with automatic submodule tool discovery and optional OAuth/Supabase + Cloudflare tunnel for controlled remote access.
Avoid When
You cannot or do not want to manage OAuth flows, Supabase credentials, or a Cloudflare tunnel; or you require explicit, documented rate limits and formal API contracts beyond the described endpoints.
Use Cases
- • Run an MCP tool hub for one or more MCP client apps (e.g., Claude/ChatGPT)
- • Build an extensible MCP server by adding tool packs as git submodules
- • Provide authenticated, creator-only remote access to MCP tools via a Cloudflare tunnel
- • Centralize tool registration and dependency installation for modular MCP tools
Not For
- • Publicly exposing MCP tools without authentication/authorization review
- • Use in environments requiring open-source licensing or transparent source availability (repo indicates proprietary license)
- • Organizations needing guaranteed data residency/compliance assurances not specified by the project
Interface
Authentication
Auth is described as OAuth 2.1 with PKCE and dynamic client registration, plus Supabase-backed sessions/JWT validation. The README does not describe fine-grained scopes; access control appears role/creator-based.
Pricing
No pricing information for the service itself is provided. Cloudflare tunnel and Supabase (if used) may incur external costs, but not specified here.
Agent Metadata
Known Gotchas
- ⚠ MCP transport is described as streamable HTTP at /mcp with a legacy fallback /sse; clients/agents may need to try /mcp first.
- ⚠ OAuth is optional (ENABLE_OAUTH=false) but remote access via tunnel likely expects auth; automated setups must handle the login flow.
- ⚠ Submodule auto-discovery and auto-install happen at startup—agents should be prepared for network/package-install side effects.
- ⚠ Compatibility of submodules depends on presence of an integration.py with a register(mcp, **kwargs) function; missing integrations will lead to modules being marked incompatible.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for robotmcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.