owui-mcp-server
Provides an MCP server that exposes Open WebUI Knowledge Bases as MCP tools/resources, enabling clients to list knowledge bases, fetch knowledge base info, and run semantic search against a specific knowledge base. Supports stdio (local) and HTTP (remote) transports and proxies requests to the Open WebUI API using an API token.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README claims: per-connection auth, input validation/sanitization, rate limiting (per-IP/per-token), CORS protection (disabled by default), request size limits (10MB), error message sanitization, and token validation. TLS enforcement is not explicitly stated for the MCP HTTP server; upstream Open WebUI API likely uses HTTPS based on examples. Scope granularity is not described (relies on Open WebUI API token behavior). Dependency hygiene and secret-handling correctness can only be confirmed by inspecting source; from provided data, scores are moderate.
⚡ Reliability
Best When
You already run Open WebUI and want MCP clients (Cursor, Claude Desktop, others) to search and reference your Knowledge Bases with minimal integration overhead.
Avoid When
You cannot safely store/use Open WebUI API tokens for the MCP server, or you require strong, formally documented security guarantees (e.g., security posture details beyond README claims).
Use Cases
- • Semantic retrieval over Open WebUI Knowledge Bases for AI assistants via MCP
- • Knowledge base browsing (list bases, get base details) from MCP clients
- • Backend systems that want to integrate Open WebUI knowledge retrieval into agent workflows
- • Remote MCP access (HTTP transport) for tools running outside the same host
- • Multi-user separation by using per-connection Open WebUI API tokens
Not For
- • Serving arbitrary file/content not present in Open WebUI Knowledge Bases
- • Use as a general-purpose Open WebUI API gateway beyond knowledge-base operations
- • Highly compliance-sensitive deployments where token handling, logging, and data governance must be independently verified from source code
- • Environments requiring documented, formal SLAs or guaranteed uptime
Interface
Authentication
Authentication is described as per-connection API token isolation. The README does not document token scopes beyond the Open WebUI API token itself.
Pricing
No pricing information for this repository itself; it is an open-source npm package. Costs are primarily from your Open WebUI hosting and any downstream AI usage.
Agent Metadata
Known Gotchas
- ⚠ Agents may not know which knowledge_base_id to query; README suggests calling list_knowledge_bases when unsure.
- ⚠ If using HTTP transport, misconfiguration of MCP_TRANSPORT/MCP_HTTP_PORT or missing Authorization header will prevent the client from connecting.
- ⚠ If MCP_CORS_ORIGINS is left empty, remote browser-based setups may fail due to lack of CORS (though most MCP clients are not browser-based).
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for owui-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.