mcp

Name: mcp
Author: cloudflare

by cloudflare

Warning

MCP server for the Cloudflare API

484stars

49forks

TypeScript

Added 3/1/2026

View on GitHub Download ZIP Scan for vulnerabilities

MCP Serverscloudflarecloudflare-workersmcpmcp-server

Installation

# Add to your Claude Code skills
git clone https://github.com/cloudflare/mcp

Getting Started

Guides for using mcp servers skills like mcp.

Best MCP Servers in 2026
Category-by-category picks: databases, dev tools, productivity, browser automation.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills
First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.

Security ReportWarning

Last scanned: 5/18/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@cloudflare/vitest-pool-workers: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@hono/node-server: @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "express-rate-limit: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "hono: Hono missing validation of cookie name on write path in setCookie()",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "miniflare: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "wrangler: Vulnerability found",
      "severity": "high"
    }
  ],
  "status": "WARNING",
  "scannedAt": "2026-05-18T08:04:01.593Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Cloudflare MCP Server

A token-efficient MCP server for the entire Cloudflare API. 2500 endpoints in 1k tokens, powered by Code Mode.

Token Comparison

| Approach | Tools | Token cost | Context used (200K) | | ------------------------------------------- | ----- | ---------- | ------------------- | | Raw OpenAPI spec in prompt | — | ~2,000,000 | 977% | | Native MCP (full schemas) | 2,594 | 1,170,523 | 585% | | Native MCP (minimal — required params only) | 2,594 | 244,047 | 122% | | Code mode | 2 | 1,069 | 0.5% |

Get Started

MCP URL: https://mcp.cloudflare.com/mcp

Option 1: OAuth (Recommended)

Just connect to the MCP server URL - you'll be redirected to Cloudflare to authorize and select permissions.

Example JSON Configuration

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp"
    }
  }
}

Option 2: API Token

For CI/CD, automation, or if you prefer managing tokens yourself.

Create a Cloudflare API token with the permissions you need. Both user tokens and account tokens are supported. For account tokens, include the Account Resources : Read permission so the server can auto-detect your account ID.

Note: API tokens with Client IP Address Filtering enabled are not currently supported.

Add to Agent

| Setting | Value | | ------------ | --------------------------------------------------------------------------- | | MCP URL | https://mcp.cloudflare.com/mcp | | Bearer Token | Your Cloudflare API Token |

Disable Code Mode

If your MCP client already uses code mode, or you're composing this server with another server that uses code mode, you can disable it with the ?codemode=false query parameter. This registers an individual tool for each of the ~2,500 Cloudflare API endpoints instead of the 2 code mode tools.

https://mcp.cloudflare.com/mcp?codemode=false

Example JSON Configuration

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp?codemode=false"
    }
  }
}

When code mode is disabled:

Each API endpoint is registered as its own tool (e.g., get_workers_scripts, post_d1_database)
Tool input schemas are derived from the endpoint's path parameters, query parameters, and request body
Tools make direct API calls — no code execution involved
Path parameters like account_id are auto-resolved when possible (single account)

Note: Disabling code mode significantly increases the token cost (~244k tokens vs ~1k tokens). Only disable it when necessary for composition with other code mode systems.

The Problem

The Cloudflare OpenAPI spec is 2 million tokens. Even with native MCP tools using minimal schemas, it's still ~244k tokens. Traditional MCP servers that expose every endpoint as a tool leak this entire context to the main agent.

This server solves the problem by using code execution in a Code Mode pattern - the spec lives on the server, and only the result of the code execution is returned to the agent.

Tools

Agent writes code to search the spec and execute API calls.

| Tool | Description | | --------- | ----------------------------------------------------------------------------- | | search | Write JavaScript to query spec.paths and find endpoints | | execute | Write JavaScript to call cloudflare.request() with the discovered endpoints |

Agent                         MCP Server
  │                               │
  ├──search({code: "..."})───────►│ Execute code against spec.json
  │◄──[matching endpoints]────────│
  │                               │
  ├──execute({code: "..."})──────►│ Execute code against Cloudflare API
  │◄──[API response]──────────────│

Supported Products

Workers, KV, R2, D1, Pages, DNS, Firewall, Load Balancers, Stream, Images, AI Gateway, Vectorize, Access, Gateway, and more. See the full Cloudflare API schemas.

Usage

Once configured, just ask your agent to do things with Cloudflare:

"List all my Workers"
"Create a KV namespace called 'my-cache'"
"Add an A record for api.example.com pointing to 192.0.2.1"

The agent will search for the right endpoints and execute the API calls. Here's what happens behind the scenes:

// 1. Search for endpoints
search({
  code: `async () => {
    const results = [];
    for (const [path, methods] of Object.entries(spec.paths)) {
      for (const [method, op] of Object.entries(methods)) {
        if (op.tags?.some(t => t.toLowerCase() === 'workers')) {
          results.push({ method: method.toUpperCase(), path, summary: op.summary });
        }
      }
    }
    return results;
  }`,
});

// 2. Execute API call (user token - account_id required)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

// 2. Execute API call (account token - account_id auto-detected)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
});

GraphQL Analytics API

The server automatically detects and handles Cloudflare's GraphQL Analytics API endpoints. GraphQL queries work seamlessly through the same execute tool:

execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "POST",
      path: "/client/v4/graphql",
      body: {
        query: \`query {
          viewer {
            zones(filter: { zoneTag: "your-zone-id" }) {
              httpRequests1dGroups(limit: 7, orderBy: [date_ASC]) {
                dimensions {
                  date
                }
                sum {
                  requests
                  bytes
                  cachedBytes
                }
              }
            }
          }
        }\`,
        variables: {}
      }
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

Build a Code Mode MCP Server

Code execution uses Cloudflare's Dynamic Worker Loader API to run generated code in isolated Workers, following the Code Mode pattern.

Read the Code Mode SDK docs for more info.

Resources

MCP for Beginners

Build MCP servers that give AI assistants real capabilities

36 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

198,732

30,537

JavaScript

AI Agentsai-agentsanthropic

View details

Compare

n8n

by n8n-io

Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

190,285

58,141

TypeScript

MCP Serversaiapis

View details

Compare

everything-claude-code

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

185,940

28,768

JavaScript

AI Agentsai-agentsanthropic

An open-source AI agent that brings the power of Gemini directly into your terminal.

104,731

13,946

TypeScript

AI Agentsaiai-agents

View details

Compare

cc-switch

by farion1231

A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io

84,902

5,527

Rust

AI Agentsai-toolsclaude-code

View details

Compare

awesome-claude-skills

by ComposioHQ

A curated list of awesome Claude Skills, resources, and tools for customizing Claude AI workflows

62,461

6,841

Python

AI Agentsagent-skillsai-agents

View details

Compare

Browse all MCP Servers skills

Popular in MCP Servers

Top skills in this category by stars

TrendRadar

by sansan0

⭐AI-driven public opinion & trend monitor with multi-platform aggregation, RSS, and smart alerts.🎯 告别信息过载，你的 AI 舆情监控助手与热点筛选工具！聚合多平台热点 + RSS 订阅，支持关键词精准筛选。AI 智能筛选新闻 + AI 翻译 + AI 分析简报直推手机，也支持接入 MCP 架构，赋能 AI 自然语言对话分析、情感洞察与趋势预测等。支持 Docker ，数据本地/云端自持。集成微信/飞书/钉钉/Telegram/邮件/ntfy/bark/slack 等渠道智能推送。

58,577

24,464

Python

MCP Serversaibark

View details

context7

by upstash

Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors

56,398

2,666

TypeScript

MCP Serversllmmcp

View details

ida-mcp-rs mcp-for-argocd

Cloudflare MCP Server

A token-efficient MCP server for the entire Cloudflare API. 2500 endpoints in 1k tokens, powered by Code Mode.

Token Comparison

Get Started

MCP URL: https://mcp.cloudflare.com/mcp

Option 1: OAuth (Recommended)

Just connect to the MCP server URL - you'll be redirected to Cloudflare to authorize and select permissions.

Example JSON Configuration

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp"
    }
  }
}

Option 2: API Token

For CI/CD, automation, or if you prefer managing tokens yourself.

Note: API tokens with Client IP Address Filtering enabled are not currently supported.

Add to Agent

Disable Code Mode

https://mcp.cloudflare.com/mcp?codemode=false

Example JSON Configuration

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp?codemode=false"
    }
  }
}

When code mode is disabled:

Each API endpoint is registered as its own tool (e.g., get_workers_scripts, post_d1_database)
Tool input schemas are derived from the endpoint's path parameters, query parameters, and request body
Tools make direct API calls — no code execution involved
Path parameters like account_id are auto-resolved when possible (single account)

Note: Disabling code mode significantly increases the token cost (~244k tokens vs ~1k tokens). Only disable it when necessary for composition with other code mode systems.

The Problem

This server solves the problem by using code execution in a Code Mode pattern - the spec lives on the server, and only the result of the code execution is returned to the agent.

Tools

Agent writes code to search the spec and execute API calls.

Agent                         MCP Server
  │                               │
  ├──search({code: "..."})───────►│ Execute code against spec.json
  │◄──[matching endpoints]────────│
  │                               │
  ├──execute({code: "..."})──────►│ Execute code against Cloudflare API
  │◄──[API response]──────────────│

Supported Products

Workers, KV, R2, D1, Pages, DNS, Firewall, Load Balancers, Stream, Images, AI Gateway, Vectorize, Access, Gateway, and more. See the full Cloudflare API schemas.

Usage

Once configured, just ask your agent to do things with Cloudflare:

"List all my Workers"
"Create a KV namespace called 'my-cache'"
"Add an A record for api.example.com pointing to 192.0.2.1"

The agent will search for the right endpoints and execute the API calls. Here's what happens behind the scenes:

// 1. Search for endpoints
search({
  code: `async () => {
    const results = [];
    for (const [path, methods] of Object.entries(spec.paths)) {
      for (const [method, op] of Object.entries(methods)) {
        if (op.tags?.some(t => t.toLowerCase() === 'workers')) {
          results.push({ method: method.toUpperCase(), path, summary: op.summary });
        }
      }
    }
    return results;
  }`,
});

// 2. Execute API call (user token - account_id required)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

// 2. Execute API call (account token - account_id auto-detected)
execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "GET",
      path: \`/accounts/\${accountId}/workers/scripts\`
    });
    return response.result;
  }`,
});

GraphQL Analytics API

The server automatically detects and handles Cloudflare's GraphQL Analytics API endpoints. GraphQL queries work seamlessly through the same execute tool:

execute({
  code: `async () => {
    const response = await cloudflare.request({
      method: "POST",
      path: "/client/v4/graphql",
      body: {
        query: \`query {
          viewer {
            zones(filter: { zoneTag: "your-zone-id" }) {
              httpRequests1dGroups(limit: 7, orderBy: [date_ASC]) {
                dimensions {
                  date
                }
                sum {
                  requests
                  bytes
                  cachedBytes
                }
              }
            }
          }
        }\`,
        variables: {}
      }
    });
    return response.result;
  }`,
  account_id: "your-account-id",
});

Build a Code Mode MCP Server

Code execution uses Cloudflare's Dynamic Worker Loader API to run generated code in isolated Workers, following the Code Mode pattern.

Read the Code Mode SDK docs for more info.