UniFi MCP Server

MCP server providing Claude Code with full UniFi network management capabilities -- devices, clients, ports, bandwidth auditing, firewall policies, and traffic rules -- all through natural language.

→ philipvanlewis/unifi-mcp-server · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

2 flows detected: UNIFI_PASSWORD. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 17 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 2 credentials: TOKEN_ENCRYPTION_KEY, UNIFI_PASSWORD

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configLOG_LEVEL— No info Log verbosity: debug, info, warn, error

configMAX_RETRIES— No 3 Number of retry attempts for webhook push

configRETRY_DELAY_MS— No 60000 Initial delay between retries in ms (linear backoff: 1x, 2x, 3x)

configTOKEN_CACHE_PATH— No ./data/unifi-session.encrypted.json Path to the encrypted session cache file

🔐 secretTOKEN_ENCRYPTION_KEY— No -- 64-character hex key for AES-256-GCM encryption. Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))". Falls back to base64 encoding if unset.

configUNIFI_HOST— "": "your-controller-ip",

🔐 secretUNIFI_PASSWORD— npm run auth -- --auto # Non-interactive (requires UNIFI_USERNAME, , UNIFI_TOTP_SEED)

configUNIFI_PORT— No 443 HTTPS port

configUNIFI_SITE— "": "default"

configUNIFI_TOTP_SEED— npm run auth -- --auto # Non-interactive (requires UNIFI_USERNAME, UNIFI_PASSWORD, )

configUNIFI_USERNAME— npm run auth -- --auto # Non-interactive (requires , UNIFI_PASSWORD, UNIFI_TOTP_SEED)

configUNIFI_VERIFY_SSL— No false Set true only if the controller has a valid TLS certificate

configVPN_GATEWAY— No -- IP to ping for VPN health check (e.g., your gateway behind the tunnel)

configVPN_TUNNEL_NAME— No -- WireGuard tunnel name for automatic VPN connect/disconnect

configWEBHOOK_URL— For webhook -- Make.com or other webhook URL for monthly bandwidth audit

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/philipvanlewis-unifi-mcp-server-1xcx6x)](https://m8ven.ai/mcp/philipvanlewis-unifi-mcp-server-1xcx6x)

commit: 7be6cee4251b08e4c625244b7ef3cf9f77faf07f

code hash: cd4f205d644a7aa8c82b024560c012267e80e87c865bf1ed6b0beb30cab470d6

verified: 6/15/2026, 1:48:08 PM

view raw JSON →