{"id":"pihole-mcp-server","name":"pihole-mcp-server","homepage":"https://pypi.org/project/pihole-mcp-server/","repo_url":"https://github.com/brettbergin/pihole-mcp-server.git","category":"infrastructure","subcategories":[],"tags":["mcp","pihole","dns","automation","cli","python","security","networking","ide-integration"],"what_it_does":"Provides an MCP server (and CLI) to manage a Pi-hole DNS server from AI assistants/IDE clients, supporting both legacy Pi-hole (admin/api.php with API token) and modern Pi-hole (api/* with web interface password).","use_cases":["Enable/disable Pi-hole DNS blocking for scheduled troubleshooting","Query Pi-hole status and DNS blocking statistics","Find top blocked domains and view Pi-hole analytics","Allow natural-language operations from an MCP-capable IDE/agent"],"not_for":["Public/Internet-exposed untrusted automation (without additional network controls)","Organizations needing centralized authorization/tenant isolation beyond Pi-hole itself","Use cases requiring fine-grained audit trails or approvals per action"],"best_when":"You run Pi-hole on a trusted LAN and want an MCP client to automate administrative tasks interactively.","avoid_when":"You cannot store credentials securely on the host, or you need strict protections against an agent making destructive/unauthorized changes.","alternatives":["pihole-cli/REST usage directly from your automation","Other Pi-hole API wrappers (community projects)","Run MCP tools that call Pi-hole API via a custom gateway you control"],"af_score":53.8,"security_score":63.5,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:48:34.257898+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Legacy Pi-hole API 
token (admin/api.php)","Modern Pi-hole web interface password (api/* endpoints)","Local credential storage via system keyring or encrypted file fallback"],"oauth":false,"scopes":false,"notes":"Authentication is with Pi-hole credentials stored locally by the MCP server/CLI; there is no end-user OAuth layer or fine-grained scopes at the MCP server interface described in the README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source (MIT) with no pricing information provided."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.8,"security_score":63.5,"reliability_score":26.2,"mcp_server_quality":78.0,"documentation_accuracy":72.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":0.0,"tls_enforcement":90.0,"auth_strength":65.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":85.0,"security_notes":"README claims HTTPS support with certificate verification and allows disabling SSL verification; credential storage uses OS keyring with an encrypted-file fallback (AES-256, PBKDF2) and restricts file permissions. However, there is no described authorization model at the MCP server level (no per-tool/action scopes, no approval workflow), so any user/process that can call the MCP server can perform Pi-hole admin actions. 
Rate limits and detailed error semantics are not documented.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"The README lists enable/disable operations but does not document idempotency behavior (e.g., safe retries, deduping).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Agent may disable Pi-hole for a duration; ensure it asks for/chooses durations carefully.","Correct auth method depends on Pi-hole version; if detection fails, credentials may need to be re-entered via login/logout.","If SSL verification is disabled (no-verify-ssl), the risk of an on-path (man-in-the-middle) attacker intercepting or altering traffic to Pi-hole increases; keep verification enabled when possible.","Because credentials are stored locally, ensure the MCP server host is access-controlled to prevent other users/processes from invoking it with stored secrets."]}}