{
  "id": "pnocera-tailscale-mcp-server",
  "name": "tailscale-mcp-server",
  "homepage": null,
  "repo_url": "https://github.com/pnocera/tailscale-mcp-server",
  "category": "infrastructure",
  "subcategories": [],
  "tags": ["mcp", "tailscale", "networking", "automation", "identity", "dns", "acl", "webhooks"],
  "what_it_does": "Provides an MCP (Model Context Protocol) server that manages Tailscale tailnet resources via the official Tailscale Go client library v2, exposing a large set of self-describing MCP tools (devices, keys, users/contacts, DNS/ACL policy, webhooks, logging, posture, tailnet settings).",
  "use_cases": [
    "Automate tailnet administration (device access, tagging, expiry, routing/subnets).",
    "Manage authentication keys for CI/CD and operational workflows.",
    "Provision and approve/suspend/restore/remove users and manage contact preferences.",
    "Configure DNS settings (MagicDNS, DNS nameservers, search paths) and validate/deploy ACL policy (HuJSON).",
    "Create and manage webhooks for tailnet events and configure logging/posture integrations."
  ],
  "not_for": [
    "Untrusted automation that should not have direct control over tailnet security posture (e.g., destructive actions)",
    "Use as a public-facing service without strong network and auth controls around the MCP server process",
    "Replacing the Tailscale Admin UI for interactive, human-heavy governance workflows unless audited and constrained"
  ],
  "best_when": "You run a controlled environment (Docker/binary) where an MCP-capable agent needs programmatic, fine-grained tailnet management with OAuth/API-key credentials.",
  "avoid_when": "You cannot securely store credentials, you cannot restrict network access to the MCP server, or you need strict guardrails/auditing for destructive operations without additional tooling.",
  "alternatives": [
    "Use the Tailscale Admin API directly with your own client (REST/OAuth flows)",
    "Use the official Tailscale SDKs/Go client in your service rather than an MCP wrapper",
    "Use other MCP servers/integration layers if available for Tailscale-related workflows"
  ],
  "af_score": 64.5,
  "security_score": 71.2,
  "reliability_score": 23.8,
  "package_type": "mcp_server",
  "discovery_source": ["github"],
  "priority": "low",
  "status": "evaluated",
  "version_evaluated": null,
  "last_evaluated": "2026-04-04T19:52:05.465765+00:00",
  "interface": {
    "has_rest_api": false,
    "has_graphql": false,
    "has_grpc": false,
    "has_mcp_server": true,
    "mcp_server_url": null,
    "has_sdk": false,
    "sdk_languages": [],
    "openapi_spec_url": null,
    "webhooks": true
  },
  "auth": {
    "methods": [
      "Tailscale API key (TAILSCALE_API_KEY)",
      "OAuth client credentials (TAILSCALE_CLIENT_ID/TAILSCALE_CLIENT_SECRET)"
    ],
    "oauth": true,
    "scopes": true,
    "notes": "Auth is selected via environment variables; OAuth is used when both client id and secret are set, otherwise the API key is used. The README indicates that tools document their required OAuth scopes."
  },
  "pricing": {
    "model": null,
    "free_tier_exists": false,
    "free_tier_limits": null,
    "paid_tiers": [],
    "requires_credit_card": false,
    "estimated_workload_costs": null,
    "notes": "No pricing information for the MCP server itself is provided in the supplied README; costs would come from your infrastructure and any Tailscale account requirements."
  },
  "requirements": {
    "requires_signup": false,
    "requires_credit_card": false,
    "domain_verification": false,
    "data_residency": [],
    "compliance": [],
    "min_contract": null
  },
  "agent_readiness": {
    "af_score": 64.5,
    "security_score": 71.2,
    "reliability_score": 23.8,
    "mcp_server_quality": 85.0,
    "documentation_accuracy": 70.0,
    "error_message_quality": 80.0,
    "error_message_notes": null,
    "auth_complexity": 75.0,
    "rate_limit_clarity": 10.0,
    "tls_enforcement": 60.0,
    "auth_strength": 80.0,
    "scope_granularity": 85.0,
    "dependency_hygiene": 55.0,
    "secret_handling": 70.0,
    "security_notes": "Security is driven by Tailscale admin credentials. The README emphasizes storing API keys/OAuth credentials securely via environment variables and mentions OAuth scopes per tool, which supports least privilege. TLS enforcement for the MCP server transport is not explicitly documented in the provided content. Dependency/vulnerability hygiene and secret non-logging behavior are not verifiable from the supplied README alone. The presence of powerful write/delete tools increases risk if the MCP server or credentials are exposed; strong network isolation and agent-level safeguards are recommended.",
    "uptime_documented": 0.0,
    "version_stability": 35.0,
    "breaking_changes_history": 20.0,
    "error_recovery": 40.0,
    "idempotency_support": "false",
    "idempotency_notes": "Some tools are likely non-idempotent (e.g., device delete/authorize toggles, key creation, policy set). The README does not describe idempotency semantics or safe retry guidance per tool.",
    "pagination_style": "none",
    "retry_guidance_documented": false,
    "known_agent_gotchas": [
      "Destructive operations exist (delete device/user, revoke keys, delete webhooks, update ACL policy). Agents should implement explicit confirmation/guardrails.",
      "Policy update/validation steps: policy_validate is available, but the README does not specify recommended agent sequences.",
      "Token/credential handling: agent operators must ensure env vars/secrets are not logged and are rotated appropriately.",
      "Rate limits are not documented in the provided README; repeated retries may trigger Tailscale/API throttling."
    ]
  }
}