{"id":"proxmox-mcp-server","name":"proxmox-mcp-server","homepage":"https://pypi.org/project/proxmox-mcp-server/","repo_url":"https://github.com/GethosTheWalrus/proxmox-mcp","category":"infrastructure","subcategories":[],"tags":["mcp","proxmox","virtualization","automation","infrastructure","python","qemu","lxc","storage","admin-tools"],"what_it_does":"Provides a Model Context Protocol (MCP) server exposing many Proxmox VE administrative operations (read-only inventory/status plus high-impact actions like create/clone/migrate/shutdown, storage provisioning, and access control) as MCP tools.","use_cases":["AI-assisted Proxmox administration (inventory, diagnostics, generating reports)","Automating VM/LXC lifecycle tasks via an MCP client","Cluster-wide visibility and operational workflows (tasks, logs, HA/cluster status)","Storage and template management (upload/download, provisioning, backup pruning)","Remote console ticket generation and guest-agent file/command operations"],"not_for":["Unsupervised or unaudited operations that could destroy data (e.g., destructive disk initialization, irreversible template conversion) without guardrails","Public/Internet-facing exposure without strong network controls and least-privilege credentials","Compliance-sensitive environments without documented security controls and auditability"],"best_when":"Used inside a trusted network with restricted access to the MCP server and scoped Proxmox privileges, where a human-in-the-loop can approve high-impact actions.","avoid_when":"When you cannot enforce TLS/network access controls, cannot control operator privileges, or cannot monitor/audit actions taken by the MCP client/agent.","alternatives":["Direct Proxmox API usage (proxmoxer) from your automation scripts","Using Proxmox built-in web UI or CLI (e.g., pvesh/pct/qm) via scripts","Other MCP servers or orchestration layers that wrap virtualization platforms with explicit policy/guardrails","Custom thin wrapper around Proxmox REST API with your own RBAC and logging"],"af_score":41.8,"security_score":44.2,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:47:42.783237+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API token authentication against Proxmox","Password-based authentication against Proxmox"],"oauth":false,"scopes":false,"notes":"Authentication mode is described as API token or password-based against local/remote Proxmox instances, but the README content provided does not detail how MCP server requests are authenticated/authorized (e.g., whether it supports client auth, token forwarding, or fine-grained MCP tool authorization)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided; project appears to be an open-source package/distribution via PyPI and Docker per README."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":41.8,"security_score":44.2,"reliability_score":32.5,"mcp_server_quality":75.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":0.0,"tls_enforcement":50.0,"auth_strength":45.0,"scope_granularity":30.0,"dependency_hygiene":60.0,"secret_handling":40.0,"security_notes":"Security posture is partially inferable: the server supports Proxmox API token and password authentication, but the provided materials do not specify whether MCP transport uses TLS, how credentials are handled, whether the MCP server authenticates MCP clients, or whether Proxmox privileges are constrained per tool. The broad set of administrative tools increases blast radius if access control is weak. Dependency/security hygiene details (CVE status, lockfiles, pinned versions) are not provided, so scores reflect uncertainty rather than confirmed safety.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Many exposed tools are high-impact (create/delete/stop/migrate/convert/resize/init-disk). Agents may issue irreversible actions if not constrained with explicit policies.","Operations may require the target to be in a particular state (e.g., delete VM/container often requires stop). Without idempotency checks and precondition validation, repeated tool calls can fail or cause unintended outcomes.","Cluster/storage operations can have long-running tasks; clients need to handle asynchronous task status/log retrieval reliably (e.g., via UPID workflows)."]}}