ProxmoxMCP-Plus
ProxmoxMCP-Plus is a Python-based Model Context Protocol (MCP) server that exposes Proxmox virtualization operations (VM and LXC container lifecycle, power management, snapshots, backups, ISO/templates, and monitoring) via MCP tools, with an additional “OpenAPI integration” layer intended for REST-style access.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses Proxmox API tokens (stronger than no auth) but does not describe server-side request authentication/authorization boundaries beyond configuration. README includes a verify_ssl=false option (risk of MITM on connections to Proxmox). It also provides guidance to inject/replace SSH authorized_keys for containers, which increases blast radius if credentials or keys are mishandled. No details are provided on logging redaction of secrets, RBAC/scopes for individual tools, or rate limiting. Transport modes include MCP over stdio/SSE/streamable; the README does not document TLS settings for these endpoints.
⚡ Reliability
Best When
You want an agent-accessible interface (MCP or OpenAPI) for Proxmox administration, and you can safely provision Proxmox API tokens and network access for the server.
Avoid When
You cannot ensure strict credential handling and least-privilege Proxmox token permissions, or you require highly constrained operations (read-only).
Use Cases
- • MCP-driven conversational or agent workflows to manage Proxmox VMs and LXC containers (create/start/stop/restart/delete).
- • Automating VM/container snapshot and rollback workflows.
- • Managing backups/restore operations for Proxmox resources.
- • Providing an OpenAPI/HTTP surface for integrating Proxmox management into web UIs (e.g., Open WebUI) or other external tools.
Not For
- • Unattended production automation without reviewing least-privilege Proxmox permissions (it performs destructive actions like delete/rollback).
- • Environments that disallow token-based management access or require strong human-in-the-loop controls for virtualization operations.
- • Use as a general-purpose Proxmox API replacement without validating exact API contract, error semantics, and security controls in the implementation.
Interface
Authentication
Uses Proxmox API tokens configured in the README example; README mentions an optional “Privilege Separation” setting when creating the token, but does not document fine-grained MCP/OpenAPI scopes on the server side.
Pricing
No pricing information provided (appears to be open-source/community software).
Agent Metadata
Known Gotchas
- ⚠ Destructive operations (delete VM/container, delete snapshots, rollback snapshots) are exposed; agents should add explicit confirmations/guardrails.
- ⚠ Some container command execution relies on SSH/pct exec and may require additional setup and permissions; failures may be nuanced (network/SSH/key issues).
- ⚠ OpenAPI layer is described at a high level; proxying via mcpo suggests an extra component that may affect auth/error behavior and operational semantics.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for ProxmoxMCP-Plus.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.