tailscale-mcp-server
Provides an MCP (Model Context Protocol) server that manages Tailscale tailnet resources via the official Tailscale Go client library v2, exposing a large set of self-describing MCP tools (devices, keys, users/contacts, DNS/ACL policy, webhooks, logging, posture, tailnet settings).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security depends on Tailscale admin credentials. The README emphasizes storing API keys and OAuth credentials securely via environment variables and mentions OAuth scopes per tool, which supports least privilege. TLS enforcement for the MCP server transport is not explicitly documented in the provided content. Dependency and vulnerability hygiene and secret non-logging behavior cannot be verified from the supplied README alone. The presence of powerful write/delete tools increases risk if the MCP server or credentials are exposed; strong network isolation and agent-level safeguards are recommended.
⚡ Reliability
Best When
You run a controlled environment (Docker/binary) where an MCP-capable agent needs programmatic, fine-grained tailnet management with OAuth/API-key credentials.
Avoid When
You cannot securely store credentials, you cannot restrict network access to the MCP server, or you need strict guardrails/auditing for destructive operations without additional tooling.
Use Cases
- Automate tailnet administration (device access, tagging, expiry, routing/subnets).
- Manage authentication keys for CI/CD and operational workflows.
- Provision and approve/suspend/restore/remove users and manage contact preferences.
- Configure DNS settings (MagicDNS, DNS nameservers, search paths) and validate/deploy ACL policy (HuJSON).
- Create and manage webhooks for tailnet events and configure logging/posture integrations.
Not For
- Untrusted automation that should not have direct control over tailnet security posture (e.g., destructive actions)
- Use as a public-facing service without strong network and auth controls around the MCP server process
- Replacing Tailscale Admin UI for interactive, human-heavy governance workflows unless audited and constrained
Interface
Authentication
Auth is selected via environment variables: OAuth is used when both the client ID and secret are set; otherwise the API key is used. The README indicates that tools document their required OAuth scopes.
Pricing
No pricing information for the MCP server itself is provided in the supplied README; costs would be from your infrastructure and any Tailscale account requirements.
Agent Metadata
Known Gotchas
- ⚠ Destructive operations exist (delete device/user, revoke keys, delete webhooks, update ACL policy). Agents should implement explicit confirmation/guardrails.
- ⚠ Policy update/validation steps: policy_validate is available, but the README does not specify recommended agent sequences.
- ⚠ Token/credential handling: agent operators must ensure env vars/secrets are not logged and are rotated appropriately.
- ⚠ Rate limits are not documented in the provided README; repeated retries may trigger Tailscale/API throttling.
Alternatives
Scores are editorial opinions as of 2026-04-04.