proxmox-mcp-server
Provides a Model Context Protocol (MCP) server exposing many Proxmox VE administrative operations (read-only inventory/status plus high-impact actions like create/clone/migrate/shutdown, storage provisioning, and access control) as MCP tools.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture is partially inferable: the server supports Proxmox API token and password authentication, but the provided materials do not specify whether MCP transport uses TLS, how credentials are handled, whether the MCP server authenticates MCP clients, or whether Proxmox privileges are constrained per tool. The broad set of administrative tools increases blast radius if access control is weak. Dependency/security hygiene details (CVE status, lockfiles, pinned versions) are not provided, so scores reflect uncertainty rather than confirmed safety.
⚡ Reliability
Best When
Used inside a trusted network with restricted access to the MCP server and scoped Proxmox privileges, where a human-in-the-loop can approve high-impact actions.
Avoid When
When you cannot enforce TLS/network access controls, cannot control operator privileges, or cannot monitor/audit actions taken by the MCP client/agent.
Use Cases
- • AI-assisted Proxmox administration (inventory, diagnostics, generating reports)
- • Automating VM/LXC lifecycle tasks via an MCP client
- • Cluster-wide visibility and operational workflows (tasks, logs, HA/cluster status)
- • Storage and template management (upload/download, provisioning, backup pruning)
- • Remote console ticket generation and guest-agent file/command operations
Not For
- • Unsupervised or unaudited operations that could destroy data (e.g., destructive disk initialization, irreversible template conversion) without guardrails
- • Public/Internet-facing exposure without strong network controls and least-privilege credentials
- • Compliance-sensitive environments without documented security controls and auditability
Interface
Authentication
Authentication mode is described as API token or password-based against local/remote Proxmox instances, but the README content provided does not detail how MCP server requests are authenticated/authorized (e.g., whether it supports client auth, token forwarding, or fine-grained MCP tool authorization).
Pricing
No pricing information provided; project appears to be an open-source package/distribution via PyPI and Docker per README.
Agent Metadata
Known Gotchas
- ⚠ Many exposed tools are high-impact (create/delete/stop/migrate/convert/resize/init-disk). Agents may issue irreversible actions if not constrained with explicit policies.
- ⚠ Operations may require the target to be in a particular state (e.g., delete VM/container often requires stop). Without idempotency checks and precondition validation, repeated tool calls can fail or cause unintended outcomes.
- ⚠ Cluster/storage operations can have long-running tasks; clients need to handle asynchronous task status/log retrieval reliably (e.g., via UPID workflows).
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for proxmox-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.