Summary
A native wrapper around Anthropic's Admin API and Usage & Cost API, exposing 20 tools for managing organizations, workspaces, members, API keys, and billing data through natural language. You get full read coverage (list members, pull usage reports, check spend by workspace) and guarded writes (invite users, archive workspaces, deactivate keys) with required confirmation flags and JSONL audit logs. Particularly useful if you're managing a Team or Enterprise org and want to answer billing questions or handle member ops without leaving Claude Desktop. Ships with read-only mode, optional workspace scoping, and role escalation guards to keep destructive actions scoped.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
anthropic-admin-mcp
The MCP server Anthropic hasn't shipped yet — full coverage of the Anthropic Admin API and the Usage & Cost API, properly typed, properly tooled, and properly safety-scoped.
Manage your Anthropic organization from any MCP-compatible client (Claude Desktop, Cursor, Windsurf, ChatGPT, etc.) using natural language:
- "What did my organization spend last week, grouped by workspace?"
- "Which API key burned through the most Opus tokens yesterday?"
- "Show me Pre-Mortem's usage day-by-day for the last 14 days."
- "Invite contractor@example.com as a developer to the Sandbox workspace."
- "Deactivate the API key named 'old-laptop'."
10 read tools, 10 write tools, audit logging, optional workspace scoping, read-only mode, role-escalation guard.
Why this exists
Anthropic ships an excellent Admin API with ~22 endpoints across organization management, workspaces, members, API keys, usage reporting, and cost reporting. Existing MCP wrappers from third parties cover a tiny slice of it through commercial integration platforms. This server is native, free, open-source, and complete — installable in two minutes against your own Admin key.
Install
pip install git+https://github.com/Trushtonfactory/anthropic-admin-mcp.git
Or for local development:
git clone https://github.com/Trushtonfactory/anthropic-admin-mcp.git
cd anthropic-admin-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
Configure
-
Get an Admin API key at console.anthropic.com → Settings → Admin Keys. Requires an Organization plan (Team / Pro+ / Enterprise) and the admin role. Individual accounts cannot create Admin keys.
-
Copy
.env.exampleto.envand fill in your key:cp .env.example .env # edit .env: ANTHROPIC_ADMIN_KEY=sk-ant-admin-... -
Wire it into your MCP client. For Claude Desktop, add to
~/Library/Application Support/Claude/claude_desktop_config.json:{ "mcpServers": { "anthropic-admin": { "command": "anthropic-admin-mcp", "env": { "ANTHROPIC_ADMIN_KEY": "sk-ant-admin-..." } } } }See
examples/claude_desktop_config.jsonfor more options (read-only mode, workspace scoping).
Tools
Read (10)
| Tool | Purpose |
|---|---|
get_org_info | Smoke-test the key; return org id + name |
list_members | List org members and roles |
list_invites | List pending and historical invites |
list_workspaces | List active (and optionally archived) workspaces |
get_workspace | Resolve a workspace ID to its full record |
list_workspace_members | List members of a specific workspace |
list_api_keys | List keys with filters by status / workspace |
get_usage_report | Token usage, grouped by workspace/api_key/model/etc. |
get_cost_report | Dollar costs, grouped by workspace / description |
get_claude_code_usage | Claude Code-specific usage data |
Write (10) — all require confirm=True
| Tool | Action |
|---|---|
invite_member | Send an invite (cannot grant admin) |
delete_invite | Cancel a pending invite |
update_member_role | Change a member's org role (cannot touch admin) |
remove_member | Remove a non-admin member |
create_workspace | Create a new workspace |
update_workspace | Rename or recolor a workspace |
archive_workspace | Archive a workspace |
add_workspace_member | Grant workspace access |
update_workspace_member_role | Change a workspace role |
remove_workspace_member | Revoke workspace access |
update_api_key | Rename or deactivate an API key |
Running
# Full mode (read + write), stdio transport
anthropic-admin-mcp
# Read-only — recommended for first-time setup
anthropic-admin-mcp --read-only
# Streamable HTTP (for remote MCP clients)
anthropic-admin-mcp --http --port 8000
# Restrict writes to specific workspaces (set in .env or shell)
ALLOWED_WORKSPACES=wrkspc_abc,wrkspc_xyz anthropic-admin-mcp
Safety
See SECURITY.md for the full threat model and design notes. The short version:
- Reads are open. Anything the Admin API exposes with your key, this server exposes.
- Writes are guarded. Every mutation requires
confirm=True, gets audit-logged to JSONL, and respects optional workspace scoping. - Role escalation is blocked client-side even though the API itself blocks it server-side — clearer error messages for Claude.
- No credential exfiltration paths. The Admin API never returns key values, and this server never logs the Admin key itself.
Status
v0.1.0 — read + write tool surface complete. Pagination, error messages, and audit logging tested manually. No usage limits implemented yet. Pydantic response models are minimal (tools return raw dicts).
Issues and PRs welcome.
License
MIT — see LICENSE.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
ANTHROPIC_ADMIN_KEY*secretYour Anthropic Admin API key (Console -> Settings -> Admin Keys). Required.
ALLOWED_WORKSPACESOptional comma-separated workspace IDs to scope write tools to. Recommended for least-privilege setups.
AUDIT_LOG_PATHPath for JSONL audit log of mutating operations. Defaults to ./audit.jsonl.
Categories
Registryactive
Packageanthropic-admin-mcp
TransportSTDIO
AuthRequired
UpdatedMay 19, 2026
