{"id":"vsphere-mcp-server","name":"vsphere-mcp-server","homepage":"https://pypi.org/project/vsphere-mcp-server/","repo_url":"https://github.com/InfraMCP/vsphere-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","vsphere","vmware","virtualization","automation","infrastructure","python"],"what_it_does":"A Python Model Context Protocol (MCP) server that provides tool-based access to VMware vSphere (vCenter/ESXi) for infrastructure management. It exposes MCP tools for authentication credential caching, VM lifecycle operations, inventory lookups (hosts/datacenters/datastores), folder organization browsing, and network/VLAN discovery using the vSphere APIs.","use_cases":["Automating VM inventory and inspection via an MCP-connected agent","Running scripted power operations (power on/off) on selected VMs","Retrieving infrastructure metadata (hosts, datastores, datacenters) for monitoring/assessment workflows","Discovering networks and extracting VLAN info from network naming","Browsing vSphere folder structures to locate resources"],"not_for":["Production-ready automated operations without human review for destructive/high-impact actions","Environments requiring strict TLS verification by default if SSL verification is disabled","High-governance setups that need fine-grained IAM scopes and explicit permission models at the API layer (it delegates to vSphere roles/permissions)"],"best_when":"You want an MCP tool layer for vSphere discovery and basic operational actions, and you can provide/handle vSphere credentials securely in an environment that can tolerate the stated TLS verification behavior.","avoid_when":"You cannot change/override TLS settings to enforce certificate verification, or you require explicit OAuth-style scopes at the MCP layer.","alternatives":["Direct use of VMware vSphere SDKs/APIs (e.g., pyvmomi) in your own automation","Other MCP servers or agents that wrap vSphere operations (if available internally)","Terraform/Ansible vSphere modules for infrastructure management (where applicable)"],"af_score":56.8,"security_score":42.5,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:39:52.202249+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Domain-based credential caching (username/password) with GUI prompt on first use and renewal on TTL expiry","Clearing cached credentials via vsphere_clear_credentials(hostname)"],"oauth":false,"scopes":false,"notes":"The server appears to use vSphere session token authentication behind the scenes, but exposes username/password credential acquisition and local caching/TTL at the MCP layer rather than OAuth scopes."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"License is MIT and PyPI installation is described, but no hosted pricing is indicated (assumed self-hosted)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":56.8,"security_score":42.5,"reliability_score":26.2,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"No explicit MCP error schema, tool-level error codes, or example payloads are provided in the README; assessment is based on narrative claims and the listed troubleshooting sections.","auth_complexity":55.0,"rate_limit_clarity":5.0,"tls_enforcement":20.0,"auth_strength":55.0,"scope_granularity":15.0,"dependency_hygiene":45.0,"secret_handling":75.0,"security_notes":"Strengths: credentials are claimed to be stored in macOS Keychain with a 4-hour TTL and renewed/expired handling; credential clearing tool exists. Concerns: README states SSL verification is disabled by default, which increases MITM risk unless configurable and overridden. The tool layer does not describe fine-grained scopes; authorization likely depends entirely on vSphere user permissions configured in the supplied credentials.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"Read-only tools (list/get) are effectively idempotent, but power operations are state-changing and idempotency semantics are not documented (e.g., whether power_on_vm on an already-powered-on VM is safe/treated as no-op).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["TLS verification is disabled by default per README; agents operating in strict security environments should ensure TLS verification is enabled/adjusted.","Network/VLAN extraction appears to rely on parsing network names; results may be inaccurate if naming conventions differ.","Authentication relies on credential caching with a TTL and may trigger GUI prompts; headless agent deployments may need a strategy for credential provisioning.","Power operations are potentially disruptive; agents should add safeguards (confirmations, inventory filtering, dry-run controls) before executing."]}}