MCP Server Access

Expose local MCP (Model Context Protocol) servers to cloud-hosted AI agents — temporarily and securely.

Why tunnels for MCP?

MCP servers typically run locally. Cloud-hosted AI agents (OpenClaw, Claude, custom GPT agents) need a URL to reach them. NullBore gives your MCP server a public HTTPS endpoint with zero config changes.

Expose a local MCP server

# Your MCP server runs on port 8001
nullbore open --port 8001 --ttl 4h
# ✓ https://a7f3bc.tunnel.nullbore.com → localhost:8001

Point your AI agent at https://a7f3bc.tunnel.nullbore.com/mcp and it can call your local tools.

Stable URLs: Use --name my-mcp (Dev+) to get https://my-mcp.yourname.nullbore.com — configure once in your agent settings. Pro plans can also use a custom domain (mcp.tunnel.yourcompany.com).

Always-on with daemon

For persistent MCP server access:

# ~/.config/nullbore/config.toml
server = "https://tunnel.nullbore.com"
api_key = "nbk_your_key"

[[tunnels]]
name = "my-mcp"
port = 8001

nullbore daemon --detach
# MCP server stays reachable, reconnects on network blips

With OpenClaw

If you're using OpenClaw, your agent can open tunnels programmatically via the NullBore API — expose tools when needed, close them when done. See the OpenClaw integration guide for details.

Security considerations

Use TTLs — don't leave MCP servers exposed permanently unless you need to.
API key per device — each machine running an MCP server should have its own NullBore API key.
Use --auth — protect your MCP endpoint with basic auth (nullbore open 8001 --auth agent:secret). The agent can include the credentials in its URL.
Auth on your MCP server — for additional security, your MCP server can also validate requests independently.