Use Your Prompts Anywhere: The MCP Server

Your library does not have to stay in a browser tab. Prompt2Love runs a remote Model Context Protocol (MCP) server at https://prompt2love.com/api/mcp that lets Claude Code, Claude Desktop, ChatGPT, Cursor, and Windsurf search and pull your own prompts and skills straight into a chat. Connecting is secured by OAuth 2.1 with PKCE, so you sign in and approve access instead of pasting API keys around - and the whole thing is included on every plan, free included.

The /prompt Slash Command

Type a search term (1 to 200 characters) and the command matches it against your prompts by title, description, content, and tags. If exactly one prompt matches, it is inserted immediately with a German header that reads «Hier is mein Prompt „[Titel]" aus prompt2love…», marked with an (importiert) flag if it is a fork. If several match, you get a selectable list of up to 8 titles with their descriptions and ids, and you load the one you want via get_prompt. No match returns a short retry message. If the inserted prompt contains {{variables}}, a German note is appended that tells the AI agent to ask you for the values before using the prompt. How you invoke it depends on the client.

• Query 1 to 200 characters; matches title, description, content, and tags (case-insensitive)
• One match inserts immediately; up to 8 matches show as a selectable list; no match returns a retry message
• A German variable note is appended when the prompt contains {{variables}}
• Invocation: Claude Code uses /mcp__prompt2love__prompt, Claude Desktop and ChatGPT use /prompt
• All responses are in German

Library Tools: Search, List & Fetch Prompts and Skills

search_my_prompts keyword-matches your prompts and returns metadata only. list_my_prompts lists your prompts with optional filters for tag, AI tool, or favorites, plus pagination. get_prompt fetches a single prompt's full content by id (falling back to slug). list_my_skills and get_skill do the same for skills. Every tool re-validates that the row is yours via an ownership check (ownsRow), so a client can only ever reach your own content, and all five are available on every plan. When get_prompt or get_skill returns full content, it wraps that content in untrusted-data fence markers with an UNTRUSTED_CONTENT_NOTICE - that way the AI treats imported or forked content as data to read, not as instructions to execute. It is a built-in defense against prompt injection.

• search_my_prompts: query up to 200 chars, limit 1 to 50 (default 20), metadata only
• list_my_prompts: filters for tag, AI tool, or favorite, limit 1 to 100 (default 50), with offset, metadata only
• get_prompt / get_skill: by id (falls back to slug), full content FENCED with an untrusted-data notice plus provenance (isImported, sourceUrl)
• list_my_skills: no parameters, metadata only
• All tools ownership-validated (ownsRow) and scoped to the signed-in user

ChatGPT-Style search & fetch Tools

To match how ChatGPT connectors expect tools to behave, search takes a query (1 to 200 characters) and substring-matches both prompts (title, description, content, tags) and skills (title, description, instructions, tags), returning up to 20 combined results. Each result carries an id prefixed with 'prompt:' or 'skill:', a snippet of about 200 characters, and a url. fetch takes an id (the prefix is optional and defaults to a prompt) and returns the full content unfenced - because here you are pulling your own content to use it, so it is secured by the ownership check and a source-metadata flag rather than by fencing.

• search: combined prompts and skills, up to 20 results, ids prefixed 'prompt:' or 'skill:', with snippet and url
• fetch: by prefixed id (defaults to prompt), full content UNFENCED, metadata.source = "user's own prompt2love library"
• SITE_URL constant: https://prompt2love.com; every call ownership-validated

OAuth 2.1 + PKCE Authorization

When a client first connects, an unauthenticated request returns a 401 with a WWW-Authenticate header that points to the discovery metadata (/.well-known/oauth-protected-resource leading to /.well-known/oauth-authorization-server), and Dynamic Client Registration is supported. You land on the branded German consent page at /dashboard/mcp/consent, which shows the consent code, the client id, and the library:read scope, and you click «Erlauben» (allow) or «Ablehnen» (deny). The client then captures the authorization code and exchanges it for a token. Every MCP request afterwards re-validates the token via getMcpSession(), checks its expiry, and rejects suspended accounts. Tokens are stored server-side in oauthAccessTokens and your approvals in oauthConsents.

• OAuth 2.1 with PKCE, no implicit flow; Dynamic Client Registration via discovery endpoints
• Consent page at /dashboard/mcp/consent (German); buttons «Erlauben» / «Ablehnen»; scope library:read (read-only)
• Per-request validation via getMcpSession(); expiry checked; suspended accounts (isSuspended) rejected
• Tokens stored in oauthAccessTokens, consents in oauthConsents

Connection Management

The MCP section of your dashboard lists your active OAuth tokens via GET /api/mcp/connections, showing the client id, the app name, the granted scopes, and the locale-formatted created and expires dates. A green dot signals an active connection and a gray dot signals none. A single «Disconnect all» button (DELETE /api/mcp/connections) deletes all of your oauthAccessTokens and oauthConsents at once, so you can cut every client off in one step. This is available on all plans.

• GET /api/mcp/connections lists active sessions (clientId, appName, scopes, createdAt, expiresAt)
• DELETE /api/mcp/connections revokes ALL of your tokens and consents at once
• Dates are locale-formatted (de-DE / en-US); a green dot shows when connected
• Available on all plans

Supported Clients & Availability

Everything runs through one remote endpoint, https://prompt2love.com/api/mcp, which you register per client. Claude Code uses the CLI command 'claude mcp add --transport http prompt2love https://prompt2love.com/api/mcp'. Claude Desktop connects via Settings, then Connectors, and needs a paid plan. ChatGPT connects via Settings, then Connectors, with Developer Mode enabled, and needs a Plus, Pro, Team, or Enterprise plan. Cursor reads it from ~/.cursor/mcp.json as a {url} entry, and Windsurf reads it from its MCP config as a {serverUrl} entry. Each client runs OAuth once on first connect, after which the tools simply work. On the Prompt2Love side there is no tier gate - only account suspension and the general /api rate-limiter apply, so the requirements above (paid Claude Desktop, Plus-and-up ChatGPT) come from those clients, not from us.

• Endpoint: https://prompt2love.com/api/mcp (HTTP transport, not stdio)
• Claude Code: CLI add command; Cursor: mcp.json {url}; Windsurf: config {serverUrl}
• Claude Desktop needs a paid plan; ChatGPT needs Plus or higher and Developer Mode
• No plan gate for MCP (free included); suspended accounts are blocked; covered by the /api rate-limiter