mathom

mathom is a local-first platform to run and monitor MCP (Model Context Protocol) servers, providing a local dashboard, live logs/metrics/status, and OAuth2-based authentication so MCP clients can access servers securely.

Evaluated Mar 30, 2026 (22d ago)
Tags: DevTools, mcp, oauth2, local-first, dashboard, monitoring, cli, proxy, docker

⚙ Agent Friendliness: 31 / 100 (Can an agent use this?)
🔒 Security: 53 / 100 (Is it safe for agents?)
⚡ Reliability: 15 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 0
Documentation: 55
Error Messages: 0
Auth Simplicity: 70
Rate Limits: 0

🔒 Security

TLS Enforcement: 60
Auth Strength: 70
Scope Granularity: 30
Dep. Hygiene: 50
Secret Handling: 50

Security is described only at a high level, via OAuth2. The README does not specify TLS requirements, token lifetimes, refresh behavior, PKCE, or scope granularity. The example Docker usage passes PATs via environment variables and command-line flags, which increases the risk of leaking secrets through shell history and process logs unless carefully handled. The presence of a DATABASE_URL suggests persisted state that may require secure configuration (permissions, encryption at rest), but details are not provided.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 40
Breaking Changes: 0
Error Recovery: 20

Best When

You want to run MCP servers on your machine (or self-hosted) with OAuth2 authentication and want operational visibility through a UI.

Avoid When

You need a clearly specified public API contract (OpenAPI/SDK/webhooks) for automation, or you cannot or do not want to manage local services (database/log endpoints) and container setup.

Use Cases

  • Running MCP servers locally with centralized authentication
  • Monitoring MCP server health and troubleshooting via a dashboard
  • Launching standard MCP servers via a simple CLI (mcx)
  • Wrapping STDIO MCP servers inside Docker with a proxy layer

Not For

  • A managed hosted MCP platform where you cannot run infrastructure
  • A fully documented public REST/SDK surface intended for third-party programmatic integration
  • Use cases requiring explicit, fine-grained authorization beyond the documented OAuth2 approach

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: No

Authentication

Methods: OAuth2 (as described for MCP clients that support OAuth2)
OAuth: Yes
Scopes: No

The README states 'Built-in OAuth2' and provides a BETTER_AUTH_URL configuration setting, but does not document a token endpoint, redirect flows, or any scope model.

Pricing

Free tier: No
Requires CC: No

Self-hosted open-source; no commercial pricing information provided in the README.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • README focuses on CLI usage and UI; it does not document programmatic API endpoints, response schemas, or error formats for agent automation.
  • Configuration references multiple required URLs (BETTER_AUTH_URL, LOG_URL, DATABASE_URL), so local setup is non-trivial for automated agents.

Scores are editorial opinions as of 2026-03-30.
