What is MCP (Model Context Protocol) and when was it launched?

MCP, the Model Context Protocol, is an open specification that defines how AI assistants connect to external tools and data sources. Anthropic launched MCP in November 2024 alongside the Claude Desktop reference client. It was published as an open-source project at github.com/modelcontextprotocol under the MIT license, with the goal of becoming a common integration layer the way Language Server Protocol (LSP) became the standard for editor-to-language-tooling communication. In 2025, OpenAI and Google DeepMind both announced native MCP support in their flagship clients, effectively making MCP the default cross-vendor standard. By April 2026 the community directory lists over 1,000 MCP servers covering databases, browsers, productivity tools, cloud providers, and proxy networks.

What is an MCP server and what does it expose to the LLM?

An MCP server is a process that exposes two kinds of capabilities to an LLM client: tools and resources. Tools are functions the LLM can invoke -- for example, fetch_url(url), execute_sql(query), send_email(to, body). The server describes each tool with a JSON schema, and the LLM decides when to call it based on the user's request. Resources are read-only data the LLM can retrieve -- file contents, database rows, API responses. The server exposes them via URIs like file:///path/to/doc.md or postgres://host/db/table. A typical proxy MCP server exposes one or two tools (fetch, render, rotate) and no resources. A more complex server might expose dozens. The MCP specification also covers prompts (reusable prompt templates) and sampling (server-initiated LLM calls), but tools are by far the most common integration.

Why would I want to run my MCP server through mobile proxies?

AI agents that browse the web need trusted IP addresses, and most developer machines or cloud hosts do not have them. When Claude or Cursor calls a fetch tool, the target site sees the IP of whatever machine runs the MCP server. If that IP is a cloud datacenter, Cloudflare and Akamai will return CAPTCHAs or 403s before the agent sees any content. Mobile carrier IPs (T-Mobile, AT&T, Vodafone, Jio, etc.) are protected by CGNAT under RFC 6598, meaning one public IP is shared among hundreds of real cellular users. Blocking a mobile IP would block legitimate customers, so anti-bot systems treat these IPs with much higher trust. Routing your MCP server's outbound requests through a Coronium mobile proxy means the agent's web research succeeds instead of getting walled by bot detection. This is the difference between an agent that can actually answer research questions and one that returns "I could not access the page" on every request.

How do I build a minimal MCP server that uses a proxy?

In Node.js with the official TypeScript SDK, the minimal pattern is: 1) install @modelcontextprotocol/sdk, 2) construct a Server instance with a name and version, 3) register a tool handler with server.setRequestHandler(CallToolRequestSchema, handler), 4) inside the handler, read the proxy credentials from environment variables, build an HTTP agent or undici dispatcher that routes through the proxy, use that agent to fetch the URL the tool was called with, and 5) return the response text wrapped in MCP content blocks. Start the server with new StdioServerTransport() for local use. The entire thing fits in under 100 lines. For Python, use the mcp package, define tools with the @mcp.tool() decorator, and use httpx.AsyncClient(proxies=...) for proxy-aware fetches. The code examples later in this guide walk through both.

How do I add a custom MCP server to Claude Desktop?

Claude Desktop reads its MCP configuration from claude_desktop_config.json. On macOS the path is ~/Library/Application Support/Claude/claude_desktop_config.json. On Windows it is %APPDATA%\Claude\claude_desktop_config.json. Add a mcpServers object with one entry per server. Each entry has command (the executable to run), args (an array of command-line arguments), and optionally env (a key/value object of environment variables). For a Node.js server, command is "node" and args is ["/absolute/path/to/server.js"]. Put proxy credentials in env so they are passed to the server process without hardcoding them. Restart Claude Desktop after editing the file. The tools appear in the hammer icon next to the chat input within a second or two of startup if the config is valid. If the server fails to launch, Claude Desktop shows an error in the MCP section of its settings panel.

How do I add an MCP server to Claude Code?

Claude Code has a dedicated CLI subcommand: `claude mcp add [args...]`. For example, `claude mcp add coronium-proxy node /absolute/path/to/server.js`. The CLI writes the server into ~/.claude.json for user-scope or .mcp.json in the current directory for project-scope. You can also add environment variables with `-e KEY=VALUE` flags or edit the JSON directly. List active servers with `claude mcp list` and remove them with `claude mcp remove `. Claude Code reloads MCP servers at the start of each session, so changes take effect the next time you run `claude`. For remote streamable HTTP servers, use `claude mcp add --transport http ` with optional `--header "Authorization: Bearer "` for auth.

How do I add an MCP server to Cursor?

Cursor looks for MCP config at .cursor/mcp.json inside the current workspace (project-scoped) or at ~/.cursor/mcp.json in the home directory (user-scoped, available in every project). The file uses the same mcpServers structure as Claude Desktop. Add the server, save the file, and open Cursor's Settings > MCP panel to verify it is detected. A green dot indicates the server is running. Cursor's Composer agent calls MCP tools automatically when relevant -- no @-mention required. If you want to see the available tools, click the MCP server name in the settings panel. Environment variables go in the env block and are scoped to the server process, not leaked to the rest of the editor.

How do I add an MCP server to Cline?

Cline stores MCP config at a platform-specific path -- inside VS Code, open the command palette and run "Cline: Open MCP Settings" which opens the correct cline_mcp_settings.json. Add your server with command, args, and env fields (same shape as Claude Desktop). Cline also has a UI-driven flow: click the MCP icon in the Cline panel, then "Add Server" and fill the form. One difference from Claude Desktop is that Cline shows real-time tool invocations as the agent works, which makes debugging much easier. If a proxy call fails, you see the exact error in the Cline output pane instead of having to dig through logs.

What is the difference between stdio, SSE, and streamable HTTP transports?

stdio is the local transport where the MCP server reads JSON-RPC from stdin and writes responses to stdout. The client (Claude Desktop, Cursor, etc.) spawns the server as a child process. This is the default for local development and personal tools -- no network setup, no auth. SSE (Server-Sent Events) was the original remote transport but is being deprecated in favor of streamable HTTP. Streamable HTTP is the modern remote transport: the server listens on an HTTPS endpoint and clients connect over standard HTTP with JSON-RPC messages. It supports OAuth 2.1 for auth, works behind any reverse proxy (nginx, Cloudflare, Caddy), and handles reconnection gracefully. Choose stdio for local single-user tools. Choose streamable HTTP for production servers that serve multiple teammates or run in the cloud. New servers should not use SSE.

What existing MCP proxy solutions can I use without building my own?

Several commercial options shipped in 2025/2026. Bright Data Web MCP offers a free tier of 5,000 requests/month with web scraping, search, and structured extraction tools -- good for evaluating MCP with real web access before writing code. Oxylabs integrated their Web Scraper API as an MCP server, exposing structured parsers for Amazon, Google, and 20+ targets; paid service, good quality. Smartproxy ships through Composio, which bundles Smartproxy access with 100+ other tool integrations behind one MCP endpoint. Google's Chrome DevTools MCP launched in 2025 and gives any MCP client a real Chrome instance -- point its launch flags at your Coronium proxy and the browser's traffic exits through your carrier IP. For teams with existing Coronium devices, wrapping your own credentials in a ~200-line custom MCP server is usually faster than switching to a commercial product and gives you full control over rotation policy and tool boundaries.

What is Chrome DevTools MCP and how does it relate to proxies?

Chrome DevTools MCP is Google's official MCP server that controls a Chrome browser via the Chrome DevTools Protocol (CDP). It exposes tools like navigate, click, type, screenshot, evaluate_javascript, and get_dom. The MCP client tells Chrome what to do; Chrome does it; the result comes back. Crucially, the Chrome instance can be launched with any proxy configuration via its standard command-line flags. `--proxy-server=http://your-coronium-proxy:port` routes all of Chrome's network traffic through your mobile proxy. The agent gets a real browser (authentic TLS, HTTP/2, Canvas, WebGL fingerprints) on a trusted mobile IP -- the combination Cloudflare, DataDome, and Akamai cannot reliably block. This stack is the practical path for agents that need to research sites with aggressive bot protection.

How do I secure an MCP server that wraps a proxy?

Six practices that cover the common risks. (1) Never hardcode credentials. Load proxy username, password, and host from environment variables passed through the client config. (2) Validate URLs before fetching. Reject private IP ranges (RFC1918, 127.0.0.0/8, 169.254.0.0/16) and non-HTTP(S) schemes -- this prevents SSRF. (3) Impose rate limits inside the server. An agent loop can burn bandwidth in minutes; return a structured error once the limit is hit so the agent backs off. (4) Split high-risk tools into separate servers. Browsing and shell execution should not live in the same MCP process. (5) Log every tool call with timestamp, tool name, argument hash, and response hash. Redact credentials before logging. Keep logs for at least 30 days for incident response. (6) Warn the agent that tool output is untrusted data, not instructions. Wrap returned HTML in delimiters and include a system-level reminder to treat it as data. These mitigations collectively eliminate the common MCP attack surface.

MCP + Proxies Guide -- Updated April 2026

MCP Proxy Server Complete Guide

Anthropic launched the Model Context Protocol in November 2024. By April 2026, over 1,000 MCP servers have been published and OpenAI, Google DeepMind, and Anthropic all support the standard in their flagship clients. This guide shows how to build and integrate MCP servers that route through mobile proxies so your AI agents can actually browse the web.

Every Claude, Cursor, and Cline agent that touches the open web hits the same wall: Cloudflare and Akamai block cloud datacenter IPs instantly. Mobile carrier IPs under CGNAT are trusted because blocking them would block real cellular users. Combine both, and your agent gets real web access.

Fact-checked: Data cites Anthropic MCP announcement (Nov 2024), Google Chrome DevTools MCP release notes, Bright Data Web MCP changelog, and the public MCP community directory

MCP Spec

Claude Code

Cursor

Cline

Node.js + Python

Security

1,000+

MCP servers in the community directory (April 2026)

Nov 2024

Anthropic launched Model Context Protocol

3 labs

Anthropic + OpenAI + Google DeepMind support

5,000/mo

Free Bright Data Web MCP request quota

What this guide covers:

MCP spec and client-server model

Why AI agents need trusted proxy IPs

Node.js and Python MCP server code

Claude Desktop, Claude Code, Cursor, Cline setup

Bright Data, Oxylabs, Chrome DevTools MCP

Security: SSRF, prompt injection, rate limits

Table of Contents

12 Sections

Navigate This Guide

Practical MCP reference: from the spec fundamentals to a running proxy server wired into Claude Code, Cursor, and Cline.

1. What Is MCP

2. Why Proxy MCP Servers

3. MCP Transports Explained

4. Building a Proxy MCP Server

5. Integrating with Claude Code

6. Integrating with Cursor

7. Integrating with Cline

8. Existing MCP Proxy Solutions

9. Security Considerations

10. Frequently Asked Questions

11. Pricing

12. Related Resources

Reading time: ~22 minutes. Includes complete Node.js and Python MCP server code you can copy and run.

MCP clients covered

Proxy MCP options

FAQ answers

Protocol Fundamentals

What Is the Model Context Protocol?

MCP is an open JSON-RPC based protocol that standardizes how LLM applications connect to external tools and data sources. Anthropic designed it to be for AI assistants what the Language Server Protocol is for code editors: a single spec that any client and any server can implement, so integrations are written once and reused everywhere.

Client-Server Architecture

The client is the AI application (Claude Desktop, Claude Code, Cursor, Cline). The server is a process that exposes tools, resources, and prompts. The client spawns or connects to servers and forwards their capabilities to the underlying LLM. One client can talk to many servers simultaneously.

Tools, Resources, Prompts

Tools are invocable functions the LLM can call (fetch_url, execute_sql, send_email). Resources are read-only data accessible by URI (file://, postgres://, custom schemes). Prompts are reusable templated prompts. The server advertises each capability with a JSON schema; the LLM decides when to use them.

Transport Layer

MCP is transport-agnostic. Local servers use stdio (JSON-RPC over stdin/stdout) which requires zero setup. Remote servers use streamable HTTP (modern) or SSE (deprecated). Streamable HTTP supports OAuth 2.1 for auth and works behind any reverse proxy, making it the production choice.

MCP Adoption Timeline (2024-2026)

How MCP went from an Anthropic announcement to a cross-vendor standard

November 2024

Anthropic launches MCP

Published spec, SDKs for TypeScript and Python, and the reference implementation at github.com/modelcontextprotocol. Claude Desktop ships as the first client.

Q1 2025

Community servers explode

Hundreds of third-party MCP servers appear within weeks: GitHub, Slack, Notion, Postgres, Filesystem, Puppeteer, Sentry, and many more.

Mid 2025

OpenAI adopts MCP

OpenAI announces MCP support in its agent SDK and ChatGPT desktop apps. The same servers now work across vendors.

Late 2025

Google DeepMind joins

Gemini agent tooling adds MCP support. Google ships Chrome DevTools MCP -- an official browser-automation MCP server.

Q4 2025

Commercial proxy MCP servers ship

Bright Data launches free-tier Web MCP with 5,000 requests/month. Oxylabs wraps Web Scraper API as an MCP server. Smartproxy ships via Composio.

April 2026

1,000+ servers in the directory

The community MCP directory crosses 1,000 published servers. Standard has de facto won the AI-tool integration space.

The LSP Analogy

Before the Language Server Protocol, every editor-language pair needed custom integration: VS Code needed its own TypeScript engine, its own Python engine, and so on. LSP fixed that: write one language server, and every editor with LSP support works with it. MCP applies the same pattern to AI: write one MCP server, and every MCP-aware client (Claude, Cursor, Cline, Windsurf, ChatGPT, Gemini) can use it.

This is why investing time into an MCP server is defensible engineering. Your proxy integration is not locked to Claude Desktop; the moment the next client ships, it works there too, with zero changes.

Trust and Access

Why Proxy Your MCP Servers?

Every MCP server that touches the open web inherits the IP reputation of the machine running it. Most developer machines, cloud hosts, and CI runners have IP reputations that trigger bot detection instantly. Mobile carrier IPs do not. Here is why that difference matters for AI agents.

AI agents need trusted IPs

When an LLM agent browses sites through a fetch tool, the target server sees the IP of whichever machine runs the MCP server. Cloud datacenter IPs (AWS, GCP, Azure) are flagged by Cloudflare, Akamai, and DataDome. The agent's first web search returns a CAPTCHA wall. Mobile carrier IPs do not.

Geo-targeted research

Asking Claude to "check the price of this product in Germany" only works if the request actually originates from a German IP. Mobile proxies in 30+ countries let the agent execute region-specific research without spoofing geolocation headers.

Authenticated sessions that survive

Agents that log into dashboards, email clients, or internal tools need session stability. Mobile proxies with sticky sessions keep the same IP for the duration of the agent's workflow, so cookies and auth tokens remain valid.

Offloading risk from your home IP

Running Claude Desktop with a fetch tool on your laptop means your home IP shows up in every server log the agent touches. A proxy MCP puts a layer of distance between you and the sites your agent is researching.

Parallel workflows without collisions

Multi-agent setups (Claude Code + Cursor + a background worker) running concurrent web research from the same IP get rate-limited fast. A pool of mobile proxies with per-agent assignment keeps each agent on a clean, non-conflicting IP.

Compliance separation

Business agents that touch regulated data (financial, health, legal) should not share an IP with personal browsing. A dedicated mobile proxy tied to the MCP server creates a clean compliance boundary.

The Default-Fail Scenario

Run Claude Desktop on a MacBook with a naive fetch MCP server on your home Wi-Fi. Ask the agent to research competitor pricing on Amazon and LinkedIn. What happens:

1.Amazon CAPTCHA walls appear after the first 2-3 requests. Agent reports "I could not access the page."
2.LinkedIn returns a login wall or 999 status code. Agent cannot get past the home page.
3.Your home IP accumulates a fingerprint in Cloudflare's reputation system from the unusual request pattern.
4.Your normal browsing starts seeing more CAPTCHAs for weeks afterward as your IP reputation degrades.

Routing the MCP server through a mobile proxy eliminates all four problems. The agent succeeds, your home IP stays clean.

When You Do NOT Need a Proxy MCP

Being honest -- not every MCP server benefits from proxying

Local filesystem MCP

Reading and writing files on your own machine. No network.

Database MCP (internal)

Connects to a Postgres or Redis on your VPC. Should stay on private network.

Authenticated API MCP

GitHub, Slack, Linear, Notion -- uses a personal access token, API knows who you are.

Stdout/logs MCP

Tailing local logs, running git commands, invoking build tools. All local.

Proxy your MCP server when it reaches out to the open web, especially to sites with bot detection. Do not proxy MCP servers that stay on localhost or authenticated APIs you control.

Transports

MCP Transports: stdio, SSE, Streamable HTTP

MCP can run over different transports. Which one you pick depends on whether the server runs locally or remotely, and whether one user or many will connect to it.

stdio

When to use: Local server running on the same machine as the client

Pros: Zero network setup. No auth. Process is sandboxed by the OS. Lowest latency. Ideal for development and single-user tools.

Cons: Cannot be shared across machines. One client at a time. Server exits when the client exits.

SSE (deprecated)

When to use: Remote server, one-way streaming legacy pattern

Pros: Easy to proxy through CDNs. Works in browsers.

Cons: Being phased out in favor of streamable HTTP. New servers should not use SSE as the primary transport.

Streamable HTTP

When to use: Remote server, modern production deployments

Pros: Bidirectional. Standard HTTP(S) -- works with any reverse proxy. Supports OAuth 2.1 for auth. Survives network hiccups and reconnects gracefully.

Cons: Requires a server process. Needs TLS cert and public DNS for remote use. Slightly more setup than stdio.

Decision Guide

Pick the right transport for your situation

You are building a personal tool for your own use

Zero setup, lowest latency, no auth needed. Claude Desktop spawns the server when needed.

stdio

You want teammates to share one MCP server instance

Deploy once, everyone connects. OAuth 2.1 provides auth. Works with any reverse proxy.

streamable HTTP

You need the MCP server to persist state across invocations

stdio servers are ephemeral -- they exit when the client disconnects. HTTP servers can keep long-lived state.

streamable HTTP

You are deploying to a serverless platform

stdio requires a persistent process. HTTP works with Vercel, Cloudflare Workers, AWS Lambda.

streamable HTTP

You are inheriting an old SSE server

SSE is deprecated. New clients may drop support. Migration is usually 20-50 lines of code.

migrate to streamable HTTP

Code

Building a Proxy MCP Server

Both examples wrap a Coronium mobile proxy and expose a single fetch_url tool. The Node.js version uses the official TypeScript SDK and undici for proxy-aware HTTP. The Python version uses the mcp package and httpx. Copy either one, set environment variables, and you have a working proxy MCP server.

Node.js / TypeScript Implementation

Install with npm install @modelcontextprotocol/sdk undici. Save as server.js.

// server.js -- MCP proxy server wrapping Coronium mobile proxy

import { Server } from '@modelcontextprotocol/sdk/server/index.js';

import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';

import {

CallToolRequestSchema,

ListToolsRequestSchema,

} from '@modelcontextprotocol/sdk/types.js';

import { ProxyAgent, fetch } from 'undici';

// Load proxy credentials from env -- never hardcode

const PROXY_URL = `http://$${process.env.CORONIUM_USER}:$${process.env.CORONIUM_PASS}@$${process.env.CORONIUM_HOST}:$${process.env.CORONIUM_PORT}`;

const proxyAgent = new ProxyAgent(PROXY_URL);

// Simple SSRF guard -- reject private ranges

function isPrivateHost(url) {

const h = new URL(url).hostname;

return /^(10\.|192\.168\.|127\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)/.test(h) || h === 'localhost';

}

const server = new Server(

{ name: 'coronium-proxy', version: '1.0.0' },

{ capabilities: { tools: {} } }

);

// Advertise the fetch_url tool

server.setRequestHandler(ListToolsRequestSchema, async () => ({

tools: [{

name: 'fetch_url',

description: 'Fetch a URL through a mobile carrier proxy. Returns page text.',

inputSchema: {

type: 'object',

properties: { url: { type: 'string', description: 'Absolute URL to fetch' } },

required: ['url'],

}]

}));

// Handle tool calls -- route through the proxy

server.setRequestHandler(CallToolRequestSchema, async (req) => {

if (req.params.name !== 'fetch_url') throw new Error('Unknown tool');

const url = req.params.arguments?.url;

if (isPrivateHost(url)) throw new Error('Private URL rejected');

const res = await fetch(url, { dispatcher: proxyAgent });

const text = await res.text();

return { content: [{ type: 'text', text: text.slice(0, 50000) }] };

});

// Connect over stdio -- Claude Desktop spawns this as a child process

const transport = new StdioServerTransport();

await server.connect(transport);

Python Implementation

Install with pip install mcp httpx. Save as server.py.

# server.py -- MCP proxy server in Python

import os

import re

import httpx

from mcp.server import Server

from mcp.server.stdio import stdio_server

from mcp.types import Tool, TextContent

# Build proxy URL from env vars -- never hardcode

PROXY_URL = f"http://{os.environ['CORONIUM_USER']}:{os.environ['CORONIUM_PASS']}@{os.environ['CORONIUM_HOST']}:{os.environ['CORONIUM_PORT']}"

# SSRF guard

PRIVATE_RE = re.compile(r"^(10\.|192\.168\.|127\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)")

def is_private(url: str) -> bool:

from urllib.parse import urlparse

host = urlparse(url).hostname or ""

return host == "localhost" or bool(PRIVATE_RE.match(host))

app = Server("coronium-proxy")

# Advertise the fetch_url tool

@app.list_tools()

async def list_tools():

return [Tool(

name="fetch_url",

description="Fetch a URL through a mobile carrier proxy. Returns page text.",

inputSchema={

"type": "object",

"properties": {"url": {"type": "string"} },

"required": ["url"],

)]

# Handle tool calls through the proxy

@app.call_tool()

async def call_tool(name: str, arguments: dict):

if name != "fetch_url":

raise ValueError("Unknown tool")

url = arguments["url"]

if is_private(url):

raise ValueError("Private URL rejected")

async with httpx.AsyncClient(proxy=PROXY_URL, timeout=30) as client:

r = await client.get(url)

return [TextContent(type="text", text=r.text[:50000])]

async def main():

async with stdio_server() as (read, write):

await app.run(read, write, app.create_initialization_options())

if __name__ == "__main__":

import asyncio; asyncio.run(main())

Extending the Minimal Server

The minimal server exposes one tool. Real-world deployments add more. Common extensions:

render_url(url)

Launches Playwright with the proxy, renders JavaScript, returns DOM text. Needed for SPAs.

search_google(query)

Builds a Google search URL, fetches through proxy, parses results. Replaces expensive search APIs.

rotate_ip()

Calls the Coronium API to force the mobile device to request a new carrier IP. Useful when the current IP is rate-limited.

take_screenshot(url)

Renders URL and returns PNG as base64. Lets the agent see what the page looks like.

extract_structured(url, schema)

Fetches + parses + returns data matching a provided JSON schema. Saves the agent from writing parsers.

check_ip()

Returns the current outbound IP, its ASN, and geolocation. Helps the agent verify it is on the expected proxy.

Claude Code

Integrating with Claude Code

Claude Code is Anthropic's terminal-based coding agent. It supports MCP via the claude mcp CLI or by editing JSON config. Here is how to add the proxy server from section 4.

Method 1: CLI (recommended)

# Add the server (user-scope, available everywhere)

$ claude mcp add coronium-proxy \

--env CORONIUM_USER=your_user \

--env CORONIUM_PASS=your_pass \

--env CORONIUM_HOST=mobile.coronium.io \

--env CORONIUM_PORT=10000 \

node /absolute/path/to/server.js

# List active servers

$ claude mcp list

# Remove a server

$ claude mcp remove coronium-proxy

The CLI writes to ~/.claude.json. Add --scope project to write to .mcp.json in the current directory instead (checked into git, shared with teammates).

Method 2: Edit JSON directly

// ~/.claude.json (or .mcp.json in project)

{

"mcpServers": {

"coronium-proxy": {

"command": "node",

"args": ["/absolute/path/to/server.js"],

"env": {

"CORONIUM_USER": "your_user",

"CORONIUM_PASS": "your_pass",

"CORONIUM_HOST": "mobile.coronium.io",

"CORONIUM_PORT": "10000"

}

After editing, restart Claude Code. Tools appear the moment the server process starts. If the server crashes, Claude Code shows the error in the next session.

Verifying the Server Works

Start a Claude Code session and ask directly:

"Use the fetch_url tool to GET https://api.ipify.org and tell me what IP it returned."

Claude Code should invoke your MCP server, which calls ipify through the Coronium proxy. The returned IP should match your Coronium device's current carrier IP (not your home IP). If it matches your home IP, the proxy credentials or routing are wrong -- check env vars and server logs.

Cursor

Integrating with Cursor

Cursor's Composer agent can call MCP tools automatically. Configure servers at the project or user scope, then let the agent pick up the proxy tool whenever the current task benefits from it.

Config File Paths

Project-scope

.cursor/mcp.json

Checked into the repo. Shared with teammates. Use for servers specific to this project.

User-scope

~/.cursor/mcp.json

Available in every Cursor workspace. Use for personal tools like a proxy server with your own credentials.

Cursor mcp.json

{

"mcpServers": {

"coronium-proxy": {

"command": "node",

"args": ["/abs/path/server.js"],

"env": {

"CORONIUM_USER": "your_user",

"CORONIUM_PASS": "your_pass",

"CORONIUM_HOST": "mobile.coronium.io",

"CORONIUM_PORT": "10000"

}

Verifying in Cursor

1Open Cursor Settings (Cmd+,) and navigate to the MCP panel.
2A green dot next to coronium-proxy means the server launched successfully. A red dot means check the command, args, and env values.
3Click the server to see the list of exposed tools. fetch_url should appear.
4In Composer, prompt: "Using the fetch_url tool, check what IP https://ifconfig.me/ip returns." The agent calls your tool and reports the carrier IP.

Cline

Integrating with Cline

Cline is an autonomous coding agent that lives inside VS Code. Its strength is multi-step tool chaining: the agent calls fetch_url, pipes the result through a parser, and writes the extracted data to a file -- all on one turn. Adding a proxy MCP server unlocks this for any web target.

Method 1: UI flow

1Open Cline in VS Code (sidebar icon).
2Click the MCP servers icon in the Cline toolbar.
3Click "Add Server", fill in the form with command, args, and environment variables.
4Save. The server launches immediately -- no restart required.

Method 2: JSON

In VS Code command palette: Cline: Open MCP Settings. Add to cline_mcp_settings.json:

{

"mcpServers": {

"coronium-proxy": {

"command": "node",

"args": ["/abs/path/server.js"],

"env": { ... },

"disabled": false,

"autoApprove": ["fetch_url"]

}

Cline-specific Tips

The autoApprove array lets you mark tools as safe to invoke without user confirmation. Only add tools where you understand the risk -- fetch_url is usually fine, execute_shell never should be.
Cline shows live tool-invocation logs in its output pane. If a fetch fails, you see the exact error inline -- much better debugging than Claude Desktop.
Cline supports "Plan mode" where the agent lists the tools it will call before executing. Useful for verifying that the proxy tool is being selected for the right tasks.
Cline can run multiple MCP servers in parallel. A common pattern is one server per concern: coronium-proxy for web, github-mcp for repos, postgres-mcp for data.

Market Landscape

Existing MCP Proxy Solutions

If building your own is too much work, several commercial and open-source MCP servers already provide proxy-like web access. Each has trade-offs in quality, cost, and lock-in.

Bright Data Web MCP

Free tier launched 2025

First major commercial Web MCP. Exposes tools for scraping, search, structured extraction, and browser rendering. Free tier allows 5,000 requests/month so agents can browse the open web without proxy configuration. Paid tiers use Bright Data's residential and datacenter pools.

Best for: Teams that want instant web access for their LLM without running infrastructure. Good for proof-of-concept and small-scale agents.

Limitation: Shared pool -- no guarantee of carrier/mobile IPs. Rate limits apply above the free quota. No dedicated device IDs.

Oxylabs Web Scraper MCP

Integrated with Web Scraper API, 2025

Wraps Oxylabs Web Scraper API and exposes it as MCP tools. Includes geo-targeted scraping, JavaScript rendering, and structured parsers for Amazon, Google, and 20+ other targets. Premium proxy pool with datacenter, residential, and mobile options.

Best for: Structured extraction from major e-commerce and search targets. Production teams that already use Oxylabs.

Limitation: Paid service. Minimum spend applies. Pool quality is good but not dedicated to your agent -- shared across all Oxylabs MCP users.

Smartproxy + Composio

Composio integration, 2025

Smartproxy exposes its residential and mobile pool through Composio, which provides an MCP adapter layer. Claude Code users add one Composio MCP server and gain access to Smartproxy plus 100+ other Composio-integrated tools in the same session.

Best for: Multi-tool agents -- Smartproxy alongside Gmail, GitHub, Notion, Linear, and other integrations exposed by Composio.

Limitation: Dependent on the Composio platform as a middleman. Another vendor relationship and billing surface.

Chrome DevTools MCP

Google, 2025

Official Google MCP server that controls a local Chrome instance through the DevTools Protocol. Agents can navigate, click, type, inspect the DOM, and take screenshots. Connects Chrome to any proxy via launch flags -- point it at your Coronium mobile proxy and the browsed traffic exits through your carrier IP.

Best for: Browser-based automation where the agent needs to interact with rendered pages. Combined with a proxy, it gives the LLM a real browser on a trusted IP.

Limitation: Runs Chrome locally. Not a hosted service. Needs a display server or headless config on the machine running the MCP server.

Colab MCP

Community, 2025

Community-built MCP server that bridges Jupyter and Google Colab. Agents can execute notebook cells, install packages, and fetch URLs inside the Colab runtime. Combined with proxy-aware HTTP in the notebook, agents can run scraping pipelines from Colab on your proxy IPs.

Best for: Data science workflows where the agent prototypes scraping and analysis code in a notebook, then iterates.

Limitation: Runtime caps on Colab free tier. Requires an authenticated Colab session.

Coronium-style custom MCP

Roll-your-own

The pattern this guide teaches: a ~200-line Node.js or Python MCP server that wraps your Coronium mobile proxy credentials and exposes fetch, render, and rotate tools. Full control over IP assignment, rotation policy, and which tools the agent is allowed to use.

Best for: Teams that already have Coronium mobile proxies and want their AI agents to use the same dedicated devices as the rest of their scraping stack.

Limitation: You maintain it. 1-2 days to ship v1, ongoing work to add new tools and handle transport edge cases.

Comparison Matrix

Picking between commercial and roll-your-own

Option	Setup Time	IP Quality	Cost Model	Control
Bright Data Web MCP	5 min	Mixed pool	Free 5K/mo, then per-req	Low
Oxylabs MCP	15 min	Premium pool	Per-GB + monthly min	Medium
Smartproxy via Composio	10 min	Residential+mobile pool	Composio sub + traffic	Low-Medium
Chrome DevTools MCP + your proxy	30 min	Whatever proxy you point it at	Your proxy cost only	High
Custom MCP + Coronium	1-2 days	Dedicated carrier IPs	From $27/mo flat	Full

* Setup time measured from "decision made" to "first successful tool call." Assumes existing developer familiarity with MCP.

MCP Clients Supported in 2026

The proxy MCP servers above work across all of these clients without modification

Claude Desktop

Anthropic

Platform: macOS, Windows

Transport: stdio, streamable HTTP

Original reference client. Config file lives at ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\ (Windows). Supports unlimited local stdio servers and remote HTTP servers with OAuth.

Claude Code

Anthropic

Platform: Terminal (macOS, Linux, Windows via WSL)

Transport: stdio, SSE, streamable HTTP

Anthropic CLI agent. Add servers with `claude mcp add <name> <command>`. Supports project-scoped servers in .mcp.json and user-scoped servers in ~/.claude.json. Widely used for Composio, Smartproxy, and Bright Data integrations.

Cursor

Anysphere

Platform: Cross-platform editor

Transport: stdio, SSE, streamable HTTP

IDE-native MCP support since version 0.45. Configured in .cursor/mcp.json (project) or ~/.cursor/mcp.json (user). Composer agent calls MCP tools automatically when relevant to the coding task.

Cline

Cline Bot Inc.

Platform: VS Code extension

Transport: stdio, streamable HTTP

Autonomous coding agent. MCP servers managed through settings UI or cline_mcp_settings.json. Strong tool-chaining -- the agent will call a proxied fetch tool, then pipe the result into a parser tool on the same turn.

Windsurf

Codeium

Platform: Cross-platform editor

Transport: stdio, streamable HTTP

Cascade agent with first-class MCP. Configured via Windsurf Settings > MCP panel. Good choice for teams that want IDE integration with centralized team-scoped MCP servers.

Goose

Block

Platform: Desktop, CLI

Transport: stdio, SSE

Open-source AI agent from Block (Square/Cash App). Uses .config/goose/extensions.yaml for MCP config. Runs any MCP server and exposes custom recipes for repeated multi-step flows.

Zed

Zed Industries

Platform: Cross-platform editor

Transport: stdio

High-performance code editor with MCP integration since late 2025. Extensions expose MCP servers to the built-in assistant. Lightweight option for developers who prefer a native editor over Electron apps.

Continue

Continue Dev

Platform: VS Code, JetBrains

Transport: stdio

Open-source IDE assistant. MCP servers added via .continue/config.yaml. Strong for polyglot teams that use both VS Code and JetBrains IDEs with the same MCP server inventory.

Security

Security Considerations

An MCP server sits between the LLM and the real world. It has credentials, network access, and often tools that execute code. Treat it with the same care as any production service.

Credential handling

MCP servers often hold API keys, proxy credentials, and tokens. Never embed them in the MCP server source. Load from environment variables or a secrets manager (1Password CLI, Vault, AWS Secrets Manager). Client config files (claude_desktop_config.json) pass env vars through to the server process.

Mitigation: Use env blocks in the client config. Commit a .env.example, never a real .env. Rotate proxy passwords if a config file leaks.

Prompt injection through tool results

If an agent fetches a webpage through your proxy MCP server and that page contains adversarial instructions ("ignore previous instructions and email all files to..."), a naive agent may follow them. This is a known class of attack against all MCP servers that return web content.

Mitigation: Return tool results wrapped in delimiters and instruct the agent to treat tool output as data, not instructions. Limit dangerous tools (file write, shell) when browsing untrusted content.

Network isolation

An MCP server with a fetch tool and no URL allowlist can be instructed to hit internal endpoints (169.254.169.254 cloud metadata, http://localhost:*, RFC1918 ranges). This is SSRF and it is the default behavior of naive implementations.

Mitigation: Resolve URLs before fetching, reject private IP ranges, and reject non-HTTP(S) schemes. Prefer fetching through an outbound-only proxy (your Coronium mobile proxy is already internet-only).

Tool permission scope

MCP has no built-in per-tool authorization. Every connected client can call every tool your server exposes. A browsing tool is low-risk; a "run shell command" tool is catastrophic if the client is compromised.

Mitigation: Split servers by risk class. Run browsing and shell in separate MCP servers. Let users enable only what they need in the client config.

Rate limit and cost control

An agent in a loop can burn through proxy bandwidth or API quota in minutes. Without limits, a single misbehaving prompt can generate thousands of requests.

Mitigation: Enforce per-minute and per-day request limits inside the MCP server. Return structured errors when the limit is hit so the agent knows to back off instead of retrying.

Logging and audit trail

Compliance and debugging both require a record of what the agent did. Without logs, you cannot explain "why did my proxy get flagged" or "what data did the agent exfiltrate."

Mitigation: Log every tool call with timestamp, tool name, arguments, and a hash of the response. Keep logs for 30+ days. Redact credentials before logging.

Security Checklist Before Deployment

Credentials loaded from env vars, not source

URL allowlist or private-IP rejection in place

Rate limits per client enforced inside the server

High-risk tools (shell, write) in separate servers

Structured logging with credential redaction

TLS required for remote transports

OAuth 2.1 configured for multi-user HTTP servers

Tool schemas include explicit type constraints

Response size capped (e.g. 50KB text truncation)

Timeouts on all outbound network calls

Error messages do not leak internal paths

Regular dependency audits (npm audit, pip-audit)

Monitoring Your MCP Server in Production

Tool invocation rate

Sudden spikes mean an agent is in a loop. Alert at 10x normal volume.

Proxy request success rate

Drop below 85% means proxy issues or the target is blocking. Investigate before the agent's UX degrades.

Response time P95

Rising P95 latency points to proxy congestion or target throttling. Rotate IPs or adjust pacing.

Error log frequency

SSRF rejections, auth failures, and timeout errors all hint at different root causes. Trend each separately.

Bandwidth consumption

Daily per-client GB. Anomalies catch runaway agents before your proxy bill spikes.

FAQ

Frequently Asked Questions

Practical answers on MCP spec, server development, client integration, existing proxy MCP solutions, and security.

Pricing

Mobile Proxy Plans for MCP Servers

Dedicated 4G/5G mobile devices for your AI agents. Unlimited bandwidth, flat monthly price, no per-request fees -- agents in loops will not blow up your bill.

Premium Mobile Proxy Pricing

Configure & Buy Mobile Proxies

Select from 10+ countries with real mobile carrier IPs and flexible billing options

📖 Complete Purchase Guide

Choose Billing Period

Select the billing cycle that works best for you

SELECT LOCATION

🇺🇸

USA

$129/m

HOT

🇬🇧

$97/m

HOT

🇫🇷

France

$79/m

🇩🇪

Germany

$89/m

🇪🇸

Spain

$96/m

🇳🇱

Netherlands

$79/m

🇦🇺

Australia

$119/m

🇮🇹

Italy

$127/m

🇧🇷

Brazil

$99/m

🇨🇦

Canada

$159/m

🇵🇱

Poland

$69/m

🇮🇪

Ireland

$59/m

🇱🇹

Lithuania

$59/m

🇵🇹

Portugal

$89/m

🇷🇴

Romania

$49/m

SALE

🇺🇦

Ukraine

$27/m

SALE

🇬🇪

Georgia

$69/m

SALE

🇹🇭

Thailand

$59/m

SALE

Save up to 10%

when you order 5+ proxy ports

Carrier & Region

USA 🇺🇸

AT&T

T-Mobile

Verizon

Available regions:

Florida

New York

Included Features

Dedicated Device

Real Mobile IP

10-100 Mbps Speed

Unlimited Data

ORDER SUMMARY

🇺🇸USA Configuration

AT&T • Florida • Monthly Plan

Your price:

$129

/month

Unlimited Bandwidth

No commitment • Cancel anytime • Purchase guide

Money-back guarantee if not satisfied

Perfect For

Multi-account management

Web scraping without blocks

Geo-specific content access

Social media automation

500+Active Users

10+Countries

95%+Trust Score

20h/dSupport

Popular Proxy Locations

United States•California•Los Angeles•New York•NYC

Secure payment methods accepted: Credit Card, PayPal, Bitcoin, and more. 2 free modem replacements per 24h.

Use Cases

MCP Proxy Applications by Workflow

Mobile proxies unlock reliable web access for AI agents across research, data collection, and automation workflows.

Research and Intelligence Agents

Competitor SEO monitoring via agent-driven SERP checks
Brand protection sweeps across marketplaces
Price monitoring agents that verify prices in multiple regions
Ad verification with carrier-level geolocation

E-commerce and Marketplace Agents

Amazon research for pricing and inventory signals
eBay market analysis with trusted IPs
Vinted fashion trends for secondhand market signals
General web scraping through a single MCP tool

Social and Content Agents

Instagram sentiment gathering through MCP fetch
TikTok trend tracking for content strategy
Facebook brand monitoring
Website QA scripted through agents

Geographic Coverage for Agents

Route MCP traffic through carrier IPs in 30+ countries:

United States Germany UK France Spain Netherlands Brazil Poland Australia More EU Countries

Ship Your MCP Server on Trusted Mobile IPs

Dedicated 4G/5G mobile proxies for Claude, Cursor, Cline, Windsurf, and any MCP-aware agent. Flat monthly pricing, unlimited bandwidth, and the same CGNAT trust advantage that makes mobile proxies the gold standard for web scraping -- now for your AI agents.

Works with Node.js and Python MCP SDKs, Chrome DevTools MCP, and any custom server that speaks HTTP(S). HTTP and SOCKS5 support included.

MCP-ready examples included

Node.js + Python support

30+ countries

24/7 technical support

Unlimited bandwidth

API for IP rotation

Related Web Scraping Resources

Blog

AI Agents