Skip to content

Add to Claude Desktop

Claude Desktop supports MCP servers natively as of late 2025. With Picora, you authenticate via OAuth — no API keys to copy or rotate.

One-click install

If you opened this page in a browser on the same machine that runs Claude Desktop, the simplest path is:

  1. Click Add to Claude Desktop in the navigation header at picora.me/mcp (or use the button below).
  2. Claude Desktop opens (or you confirm in the dialog), pre-configured with Picora’s mcp.picora.me endpoint.
  3. The first tool call kicks off Picora’s OAuth flow in your default browser. Approve once — the access token is stored in Claude Desktop’s local secret store and refreshed automatically.

Privacy note. Once approved, Claude Desktop holds an OAuth access token (1 hour TTL) and a refresh token (90 day TTL). You can revoke it anytime from center.picora.me/dashboard/my-apps.

Manual config

If the deep link doesn’t work (older Claude Desktop builds, sandboxed installs), paste this into your Claude Desktop MCP settings:

macOS / Linux

~/Library/Application Support/Claude/mcp.json (macOS) or ~/.config/Claude/mcp.json (Linux):

{
  "mcpServers": {
    "picora": {
      "url": "https://mcp.picora.me",
      "auth": {
        "type": "oauth",
        "authorizationUrl": "https://api.picora.me/oauth/authorize",
        "tokenUrl":         "https://api.picora.me/oauth/token",
        "scopes": [
          "media.read", "media.write",
          "kb.read",    "kb.write",
          "account.read", "usage.read"
        ]
      }
    }
  }
}

Windows

%APPDATA%\Claude\mcp.json. Same JSON content as above.

China deployment

Replace mcp.picora.me with mcp.picora.cn, and the OAuth URLs accordingly. Data is fully isolated between the two regions.

Picking the right scopes

The default scope set above is read + write, no delete — fine for a creative assistant that uploads screenshots and reads knowledge bases. Tweak it before approving:

  • AI assistant that only reads → drop media.write / kb.write.
  • AI assistant that creates KB docs → keep kb.write.
  • AI assistant that needs to clean up old assets → add media.delete. Be sure you really want this.

You can always reauthorize later with a different scope set; old tokens are revoked automatically.

Troubleshooting

SymptomLikely cause
OAuth browser opens but redirects back unauthenticatedPicora session expired — sign in at center.picora.me first
Tools list empty after authCache lag; wait 30 s and retry, or check /mcp/tools.json directly
MCP_PLAN_INSUFFICIENT when calling picora.upload_videoYour account is on trial — upgrade in Billing
Frequent RATE_LIMITED on chained callsHit upload (60 / min) or mutation (120 / min) tier; add delay

If something stays broken, the 24-hour usage on the admin side is great for triage — file an issue at github.com/picora with the request id from any error response.

Security

  • Refresh tokens rotate on every use; replays trigger immediate chain revocation + an email alert (v0.14 OAuth replay protection).
  • Picora never sees your machine’s filesystem; all uploads go through explicit tool calls.
  • Picora’s MCP server runs only the 30 tools in the catalog. There is no shell-execute escape hatch.