Delv
PLATFORMby Cloudflare4.2

Cloudflare Remote MCP

Cloudflare's hosting platform for Remote MCP servers. Deploy a server as a Worker and any client can hit it over HTTPS — no local install.

Homepage MCP docs
A
Safety & Trust

Delv Safety Grade: A

Score 83/100 · assessed 2026-04-19

Maintainer95
Permissions65
Supply chain80
Transparency85
Incidents100

Cloudflare Remote MCP is a hosting platform for deploying MCP servers as Workers, maintained by a major cloud infrastructure vendor with strong operational track record. The platform itself is well-documented and leverages Cloudflare's established deployment tooling (Wrangler). Security posture is reasonable: servers run in Cloudflare's V8 isolate sandbox with resource limits, but the platform inherently expands attack surface by exposing MCP servers over public HTTPS. Each deployed server's safety depends entirely on what the developer builds—Cloudflare provides infrastructure, not content review. Supply chain is solid (standard Wrangler deploy, npm-based) but there's no central registry or vetting of what gets deployed. Transparency is good with public docs, though no dedicated open-source repo for the platform itself. No known incidents. The main risk is that remote exposure means any credential leak or misconfigured server is immediately internet-accessible.

Green flags

  • Maintained by Cloudflare, major vendor with strong infrastructure track record
  • Workers run in V8 isolate sandbox with resource limits and timeouts
  • Well-documented deployment process via established Wrangler tooling
  • No local runtime required on client machines, simplifies distribution
  • Leverages Cloudflare's existing security and DDoS protection

Red flags

  • Exposes MCP servers over public HTTPS, increasing attack surface vs local-only
  • No vetting or review of what developers deploy as Workers
  • Server security entirely dependent on developer implementation quality
  • Credentials in deployed Workers accessible if misconfigured or leaked

Permissions requested

Outbound networkInbound networkAccess secretsExternal LLM call
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

MCP capabilities

  • Tools
  • Resources
  • Prompts
  • Sampling

Platforms

Webedge

Config location

wrangler deploy

Review

Cloudflare Remote MCP is a platform, not a client in the traditional sense. It's infrastructure for hosting MCP servers as Cloudflare Workers, making them accessible over HTTPS to any MCP client. The pitch is simple: deploy once, connect from anywhere, no local Python or Node runtime required on the client machine. I've used it to expose a couple of internal tools to Claude Desktop and Continue without maintaining separate local installs on three different laptops. The deployment is genuinely straightforward if you already know Wrangler. You write your MCP server, add a thin HTTP wrapper to handle the MCP protocol over POST requests, run `wrangler deploy`, and you're live on Cloudflare's edge. The docs walk through a basic example that took me maybe twenty minutes to adapt. What makes this useful is the removal of local dependency hell. No more "works on my machine" when a colleague wants to use the same server. No wrestling with Python virtual environments or Node version managers. The server runs on Cloudflare's infrastructure, clients just need an HTTPS endpoint. For teams, this is a much cleaner distribution model than asking everyone to clone a repo and run `npm install`. The trade-offs are real. You're writing Workers, so you're constrained by their execution limits: 50ms CPU time on the free tier, 128MB memory, no filesystem access. If your MCP server needs to shell out to local binaries or read from disk, this won't work. It's also overkill if you're just tinkering solo. The cold start latency is noticeable but not painful, maybe 200-300ms on first request. MCP support is complete for tools and resources, which covers most practical use cases. No prompts or sampling, but those are niche features even in local servers. Config is just a URL in your MCP client settings, simpler than the stdio transport most local servers use. I'd reach for this when building shared tooling for a team or exposing an API wrapper that doesn't need local state. For personal experiments or anything that touches the filesystem, stick with local servers. The platform is young but the foundation is solid, and Cloudflare's edge network means latency stays low globally.
Verdict

Best for teams deploying shared MCP servers without local install friction. If your server needs filesystem access or heavy compute, this won't fit. For stateless API wrappers and lightweight tools, it's the cleanest distribution model available.

Good at

  • Zero local dependencies for clients, just an HTTPS endpoint
  • Deploy once, use from any machine or MCP client
  • Cloudflare's edge network keeps latency reasonable globally
  • Simpler config than stdio transport, just a URL
  • Good fit for team tooling and shared resources

Watch out

  • Workers execution limits: 50ms CPU, 128MB memory, no filesystem
  • Cold start latency of 200-300ms on first request
  • Overkill for solo tinkering or local-only workflows
  • No support for prompts or sampling capabilities
  • Requires familiarity with Wrangler and Workers model