Model Context Protocol (MCP) servers for managing homelab infrastructure through Claude Desktop. Monitor Docker/Podman containers, Ollama AI models, Pi-hole DNS, Unifi networks, and Ansible inventory. Includes security checks, templates, and automated pre-push validation. Production-ready for homelabs.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"homelab-unified": {
"args": [
"C:\\Path\\To\\Homelab-MCP\\homelab_unified_mcp.py"
],
"command": "python"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Model Context Protocol (MCP) servers for managing homelab infrastructure through Claude Desktop.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y '@modelcontextprotocol/inspector' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
LiteLLM: Authentication Bypass via Host Header Injection
### Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()`, which Starlette reconstructs from the `Host` header. A crafted `Host` could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. **Most deployments are not affected.** The bypass
LiteLLM: Authentication bypass via OIDC userinfo cache key collision
### Impact When JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. **Most instances are not affected.** An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and
LiteLLM has SQL Injection in Proxy API key verification
### Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted `Authorization` header to any LLM API route (for example `POST /chat/completions`) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy an
litellm vulnerable to remote code execution based on using eval unsafely
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml
Dynamic problem-solving through sequential thought chains
Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.
Persistent memory using a knowledge graph
Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.
MCP Security Weekly
Get CVE alerts and security updates for Homelab Mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Model Context Protocol (MCP) servers for managing homelab infrastructure through Claude Desktop.
A collection of Model Context Protocol (MCP) servers for managing and monitoring your homelab infrastructure through Claude Desktop.
⚠️ IMPORTANT: Please read SECURITY.md before deploying this project.
This project interacts with critical infrastructure (Docker APIs, DNS, network devices). Improper configuration can expose your homelab to security risks.
Key Security Requirements:
.env file secure - Contains API keys and should never be committedSee SECURITY.md for comprehensive security guidance.
This project includes several documentation files for different audiences:
👥 For End Users: Follow this README + copy PROJECT_INSTRUCTIONS.md to Claude 🔄 Migrating from v1.x? See MIGRATION_V3.md for unified server migration 🤖 For AI Assistants: Read CLAUDE.md for complete development context 🔧 For Contributors: Start with CONTRIBUTING.md and CLAUDE.md
After setting up the MCP servers, create your personalized project instructions:
Copy the example template:
# Windows
copy PROJECT_INSTRUCTIONS.example.md PROJECT_INSTRUCTIONS.md
# Linux/Mac
cp PROJECT_INSTRUCTIONS.example.md PROJECT_INSTRUCTIONS.md
Edit the file with your actual infrastructure details:
PROJECT_INSTRUCTIONS.md (for Claude Desktop project instructions):
CLAUDE_CUSTOM.md (for AI development work - contributors only):