{"id":"locomotive-agency-mcp-anywhere","name":"mcp-anywhere","homepage":null,"repo_url":"https://github.com/locomotive-agency/mcp-anywhere","category":"devtools","subcategories":[],"tags":["mcp","model-context-protocol","gateway","authentication","oauth","docker","secrets","tool-management","github-discovery"],"what_it_does":"MCP Anywhere is a Python-based gateway that discovers and manages MCP servers from GitHub repositories and exposes them via a unified endpoint. It includes web UI/API authentication, tool enablement controls, and Docker-based isolation for running MCP tools, with encrypted secret-file storage for credentials used by MCP servers.","use_cases":["Centralize access to multiple MCP tool servers (from GitHub repos) behind one endpoint","Use automated repository analysis to discover/auto-configure MCP tools","Manage per-server tool enablement and access control for teams","Run MCP tools in isolated Docker containers with mounted credentials/secrets","Integrate MCP tools into client apps (e.g., Claude Desktop via stdio or HTTP clients with bearer auth)"],"not_for":["High-assurance environments that require formally documented security guarantees/SLAs beyond what is described","Use cases needing a fully standardized REST/OpenAPI contract (not evidenced here)","Environments where AI-assisted repository analysis (Claude) is not acceptable"],"best_when":"You want a deployable gateway for MCP tooling with team authentication and credential/secrets management, and you’re comfortable running/managing the service and its Dockerized tool execution.","avoid_when":"You require strict compliance artifacts (e.g., SOC2/ISO attestations), or you cannot validate the security posture of running third-party MCP servers inside the gateway’s container sandbox.","alternatives":["Use MCP servers directly (standalone) and federate at the client layer","Use an MCP “host”/runner that you deploy without automated GitHub-based discovery","Build a custom gateway using MCP SDKs and explicit tool configuration per server"],"af_score":51.2,"security_score":69.0,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:25:32.352352+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Session-based web authentication (cookies)","JWT-based API authentication","Google OAuth (OAuth2/2.1 with PKCE support)"],"oauth":true,"scopes":false,"notes":"Auth is described as including JWT tokens with scope validation plus web sessions; however, specific API routes/scopes are not documented in the provided README content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing/hosting model described; appears to be self-hosted open-source under MIT."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":true,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":51.2,"security_score":69.0,"reliability_score":32.5,"mcp_server_quality":65.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":20.0,"tls_enforcement":90.0,"auth_strength":75.0,"scope_granularity":35.0,"dependency_hygiene":55.0,"secret_handling":85.0,"security_notes":"Uses HTTPS-oriented deployment defaults (Uvicorn/Fly), supports JWT API auth and Google OAuth with PKCE, and describes encrypted secret-file storage at rest (Fernet/AES-128) with read-only mounts into containers and isolated secret storage per server. Scope granularity and error-handling details are not documented in the provided README. Running third-party MCP servers via discovery increases supply-chain risk; effective isolation depends on Docker/container hardening beyond what’s shown.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":20.0,"error_recovery":55.0,"idempotency_support":"false","idempotency_notes":"Not described in the provided documentation.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Automated repository analysis depends on Anthropic/Claude API key and may be slow/costly or fail for unsupported repos.","Beta status suggests API/features may change.","Tool execution is containerized; agent workflows may need to handle container startup/health monitoring states.","Secret uploads and mounts introduce operational steps (file size limits, encryption at rest, mounting on container start) that can fail if misconfigured."]}}