{"id":"pnocera-tailscale-mcp-server","name":"tailscale-mcp-server","af_score":64.5,"security_score":71.2,"reliability_score":23.8,"what_it_does":"Provides an MCP (Model Context Protocol) server that manages Tailscale tailnet resources via the official Tailscale Go client library v2, exposing a large set of self-describing MCP tools (devices, keys, users/contacts, DNS/ACL policy, webhooks, logging, posture, tailnet settings).","best_when":"You run a controlled environment (Docker/binary) where an MCP-capable agent needs programmatic, fine-grained tailnet management with OAuth/API-key credentials.","avoid_when":"You cannot securely store credentials, you cannot restrict network access to the MCP server, or you need strict guardrails/auditing for destructive operations without additional tooling.","last_evaluated":"2026-04-04T19:52:05.465765+00:00","has_mcp":true,"has_api":false,"auth_methods":["Tailscale API key (TAILSCALE_API_KEY)","OAuth client credentials (TAILSCALE_CLIENT_ID/TAILSCALE_CLIENT_SECRET)"],"has_free_tier":false,"known_gotchas":["Destructive operations exist (delete device/user, revoke keys, delete webhooks, update ACL policy). Agents should implement explicit confirmation/guardrails.","Policy update/validation steps: policy_validate is available, but the README does not specify recommended agent sequences.","Token/credential handling: agent operators must ensure env vars/secrets are not logged and are rotated appropriately.","Rate limits are not documented in the provided README; repeated retries may trigger Tailscale/API throttling."],"error_quality":80.0}