xiaoya-teacher-mcp-server
This package provides a Python-based MCP server for “Xiaoya” (小雅) education management, exposing tools for teacher-oriented workflows such as course resource management, question/quiz creation and management, classroom & attendance (签到) queries, and task/assignment + grading workflows. It supports multiple MCP transports (stdio by default, plus SSE and streamable HTTP). Authentication to the upstream service can be done either via account/password (with server-side token caching and automatic re-login) or via a provided Bearer token.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
HTTPS/TLS enforcement is not explicitly stated in the README (remote transports show HTTP examples). Authentication supports account/password and bearer tokens; account/password mode implies token caching, and bearer mode does not auto-refresh. No evidence of fine-grained authorization scopes per tool is documented. Secrets handling details (e.g., whether credentials/tokens are ever logged) are not specified, so this score is conservative. Dependency list is small and bounded versions are suggested, but no vulnerability posture is documented.
⚡ Reliability
Best When
You want an MCP integration path for an AI assistant (e.g., Claude Desktop/Cursor) to automate teacher management tasks, and you can run the MCP server locally or in a controlled network with the specified authentication approach.
Avoid When
You need fine-grained authorization controls per tool/user, strong secrets-handling guarantees (beyond what’s described), or you can’t tolerate beta-stage software with limited evidence of robustness/testing.
Use Cases
- • Integrate an AI assistant with Xiaoya education management via MCP tools
- • Create and manage question banks (multiple question types, rich text, batch operations)
- • Manage course resources and files (create/update/delete, download, markdown conversion)
- • Query classroom info and attendance/签到 statistics
- • Publish tasks/quizzes, review submissions, and record grades/feedback
Not For
- • Production-grade classroom systems requiring a documented SLA, rigorous operational guarantees, and comprehensive security hardening
- • Environments where you cannot securely handle account/password or tokens (especially over HTTP)
- • Use cases that need a stable, documented public REST/GraphQL/OpenAPI API for long-term machine integration
Interface
Authentication
No OAuth is described. Authentication is described at the MCP transport boundary using environment variables for stdio and HTTP headers for remote transports. Fine-grained scopes/permissions are not documented.
Pricing
No pricing information is provided; this appears to be a self-hosted open-source Python package (MIT).
Agent Metadata
Known Gotchas
- ⚠ Token-expiry handling differs by auth mode: account/password mode may auto re-login and retry once; Bearer-token mode requires the caller to refresh and retry.
- ⚠ Remote HTTP transports accept credentials via headers; ensure clients are configured to avoid leaking credentials in logs.
- ⚠ Default behavior returns summaries to save tokens; requesting full details may increase response size and latency.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for xiaoya-teacher-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.