otp-mcp-server

add_token

Add a new OTP token to generate one-time passwords for authentication. Configure TOTP or HOTP tokens with custom settings like issuer, account, algorithm, and period.

Instructions

Add a new OTP token.

Args:
    secret: Base32 encoded secret key
    issuer: Issuer of the OTP token
    account: Accout for the OTP token
    type: Type of the OTP token (TOTP or HOTP) (default is TOTP)
    algorithm: Hashing algorithm to use (SHA1, SHA256, SHA512, MD5) (default is SHA1)
    counter: Counter value for HOTP tokens (default is 0)
    digits: Number of digits in the OTP code (default is 6)
    period: Time period for TOTP tokens in seconds (default is 30)

Input Schema

TableJSON Schema

Name	Required	Description	Default
`secret`	Yes	Secret key Base32
`issuer`	Yes	Issuer of the OTP token
`account`	Yes	Account for the OTP token
`type`	No		TOTP
`algorithm`	No		SHA1
`counter`	No	Counter value for HOTP tokens
`digits`	No	Number of digits in the OTP code
`period`	No	Time period for TOTP tokens in seconds

Implementation Reference

otp_mcp/tool.py:120-162 (handler)

The 'add_token' tool handler function. It is registered via the @mcp.tool() decorator. The function validates inputs using Pydantic Fields, constructs a Token object from freakotp, and inserts it into the token database using get_token_db().

async def add_token(
    secret: str = Field(description="Secret key Base32"),
    issuer: str = Field(description="Issuer of the OTP token"),
    account: str = Field(description="Account for the OTP token"),
    type: Literal[TOKEN_TYPES] = "TOTP",
    algorithm: Literal[ALGORITHMS] = "SHA1",
    counter: int = Field(0, description="Counter value for HOTP tokens"),
    digits: int = Field(6, description="Number of digits in the OTP code"),
    period: int = Field(30, description="Time period for TOTP tokens in seconds"),
) -> str:
    """
    Add a new OTP token.

    Args:
        secret: Base32 encoded secret key
        issuer: Issuer of the OTP token
        account: Accout for the OTP token
        type: Type of the OTP token (TOTP or HOTP) (default is TOTP)
        algorithm: Hashing algorithm to use (SHA1, SHA256, SHA512, MD5) (default is SHA1)
        counter: Counter value for HOTP tokens (default is 0)
        digits: Number of digits in the OTP code (default is 6)
        period: Time period for TOTP tokens in seconds (default is 30)
    """
    try:
        db = get_token_db()
        token = Token(
            uri=None,
            type=TokenType[type] if type else TokenType.TOTP,
            algorithm=algorithm,
            counter=counter,
            digits=digits,
            issuer=issuer,
            issuer_int=None,
            issuer_ext=None,
            label=account,
            period=period,
            secret=Secret.from_base32(secret),
            token_db=db,
        )
        db.insert(token)
        return "Token added successfully."
    except Exception:
        raise ToolError("Error adding OTP token. Please check the provided parameters.")

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states the tool adds a token but doesn't explain what happens after addition (e.g., where the token is stored, if it's persisted, or any side effects). It also lacks information on permissions, rate limits, or error conditions, which are critical for a tool that likely modifies state.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and appropriately sized. It starts with a clear purpose statement, followed by a bullet-like 'Args' section that efficiently details parameters. There's minimal waste, and the information is front-loaded, making it easy to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of an OTP token addition tool with 8 parameters, no annotations, and no output schema, the description is incomplete. It lacks behavioral context (e.g., storage implications, error handling) and doesn't explain what the tool returns after adding a token. This leaves significant gaps for an agent to understand the full operation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description includes an 'Args' section that lists all parameters with brief explanations, which adds value beyond the input schema. However, with 75% schema description coverage, the schema already documents most parameters well. The description compensates somewhat by clarifying defaults and token-specific contexts (e.g., 'counter value for HOTP tokens'), but it doesn't fully bridge the gap for the 25% uncovered parameters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Add a new OTP token.' This is a specific verb ('Add') and resource ('OTP token'), making it easy to understand what the tool does. However, it doesn't explicitly differentiate from sibling tools like 'calculate_otp_codes' or 'list_otp_tokens' beyond the 'add' action, which prevents a perfect score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention sibling tools like 'delete_token' or 'list_otp_tokens', nor does it specify prerequisites or contexts for adding a token. This leaves the agent without explicit usage instructions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/andreax79/otp-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server