Is io.github.itunified-io/tailscale safe to use?

io.github.itunified-io/tailscale has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.itunified-io/tailscale?

io.github.itunified-io/tailscale supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can io.github.itunified-io/tailscale do?

io.github.itunified-io/tailscale provides 19 tools: tailscale_device_list, tailscale_device_get, tailscale_device_delete, tailscale_device_authorize, tailscale_device_routes_get and 14 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.itunified-io/tailscale?

io.github.itunified-io/tailscale is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.itunified-io/tailscale actively maintained?

io.github.itunified-io/tailscale is recently maintained — last commit was 39 days ago.

io.github.itunified-io/tailscale

tailscale-mcp

Secure MCP access for private infrastructure over Tailscale — 48 tools across 9 domains

16/wk 19 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 39d ago

Works with most clients

Transport: stdio, sse, http

19 tools · ~1.0k tok

Grade B · 0.5% of 200K ctx

Edit this pageView history

DevOps Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tailscale": {
      "env": {
        "TAILSCALE_API_KEY": "your-api-key-here",
        "TAILSCALE_TAILNET": "your-tailnet-name"
      },
      "args": [
        "/path/to/mcp-tailscale/dist/index.js"
      ],
      "command": "node",
      "comment": "Or use OAuth: TAILSCALE_OAUTH_CLIENT_ID + TAILSCALE_OAUTH_CLIENT_SECRET instead of TAILSCALE_API_KEY"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-itunified-io-tailscale)](https://mcppedia.org/s/io-github-itunified-io-tailscale)

Read me

What io.github.itunified-io/tailscale does

Secure MCP access for private infrastructure over Tailscale

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'tailscale-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked tailscale-mcp against OSV.dev.

Inventory

Tools (19)

Click any tool to inspect its schema.

~1.0k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.itunified-io/tailscale safe to use?: io.github.itunified-io/tailscale has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.itunified-io/tailscale?: io.github.itunified-io/tailscale supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.itunified-io/tailscale do?: io.github.itunified-io/tailscale provides 19 tools: tailscale_device_list, tailscale_device_get, tailscale_device_delete, tailscale_device_authorize, tailscale_device_routes_get and 14 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.itunified-io/tailscale?: io.github.itunified-io/tailscale is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.itunified-io/tailscale actively maintained?: io.github.itunified-io/tailscale is recently maintained — last commit was 39 days ago.

Similar servers

Others in devops / security

View all →

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Alibabacloud Devops Mcp Server92

Yunxiao MCP Server provides AI assistants with the ability to interact with the Yunxiao platform. It provides a set of tools that interact with Yunxiao's API, allowing AI assistants to manage Codeup repository, Project, Pipeline, Packages etc.

110 7

Mcp Gitlab Server92

Enhanced MCP server for GitLab: group projects listing and activity tracking

50 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.itunified-io/tailscale and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

DevOps Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tailscale": {
      "env": {
        "TAILSCALE_API_KEY": "your-api-key-here",
        "TAILSCALE_TAILNET": "your-tailnet-name"
      },
      "args": [
        "/path/to/mcp-tailscale/dist/index.js"
      ],
      "command": "node",
      "comment": "Or use OAuth: TAILSCALE_OAUTH_CLIENT_ID + TAILSCALE_OAUTH_CLIENT_SECRET instead of TAILSCALE_API_KEY"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-itunified-io-tailscale)](https://mcppedia.org/s/io-github-itunified-io-tailscale)

Read me

What io.github.itunified-io/tailscale does

Secure MCP access for private infrastructure over Tailscale

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'tailscale-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

mcp-tailscale

Secure MCP access for private infrastructure over Tailscale

The Problem

AI agents need access to internal tools, services, and infrastructure — but exposing private systems to the internet creates unacceptable security risks. VPNs are complex, SSH tunnels are fragile, and API gateways add latency and maintenance overhead.

mcp-tailscale bridges this gap: a lightweight MCP server that gives AI agents secure, authenticated access to your Tailscale-connected infrastructure — without exposing anything to the public internet.

What It Does

mcp-tailscale is an MCP Gateway Runtime that connects AI agents (Claude, GPT, custom) to your private infrastructure through Tailscale's zero-trust network. It provides 48 tools across 9 domains for managing devices, DNS, ACL policies, auth keys, users, webhooks, posture integrations, and tailnet settings — all through the Tailscale API v2.

No SSH. No shell execution. API-only. 4 runtime dependencies.

Use Cases

DevOps Automation — Let AI agents manage device authorization, subnet routes, and ACL policies across your tailnet
DNS Management — Configure split DNS, global nameservers, and MagicDNS through natural language
Security Auditing — Automated ACL policy validation, posture compliance checks, and key rotation
Fleet Management — Monitor device status, manage tags, and onboard new devices at scale
Infrastructure as Conversation — Query and modify your private network configuration through AI-driven workflows

Quick Start

Install from npm

npm install -g tailscale-mcp

Or clone and build from source

git clone https://github.com/itunified-io/mcp-tailscale.git
cd mcp-tailscale
npm install
cp .env.example .env   # Edit with your Tailscale API key and tailnet name
npm run build
node dist/index.js     # stdio transport for MCP

HashiCorp Vault Integration (Optional)

mcp-tailscale supports opportunistic secret loading from HashiCorp Vault via AppRole authentication. This lets you store your Tailscale credentials centrally in Vault and avoid passing sensitive values through MCP config files or shell environment variables.

How It Works

At startup, the server checks whether NAS_VAULT_ADDR is set. If it is, it authenticates to Vault using AppRole credentials, reads the KV v2 secret at <mount>/data/tailscale/api, and injects the values into the process environment before the Tailscale client is initialized.

Opportunistic loading — if NAS_VAULT_ADDR is unset, the Vault loader is a silent no-op. The server behaves exactly as without Vault.
Silent fallback — if Vault is unreachable, authentication fails, or the secret path is missing, a single-line warning is written to stderr and the server falls back to whatever environment variables are already set.
No new runtime dependencies — the loader uses the global fetch available in Node.js 20+ (no extra packages).
Secret values are never logged — only the KV path name and a populated-count appear in stderr diagnostics.

Precedence

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked tailscale-mcp against OSV.dev.

Inventory

Tools (19)

Click any tool to inspect its schema.

~1.0k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.itunified-io/tailscale safe to use?: io.github.itunified-io/tailscale has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.itunified-io/tailscale?: io.github.itunified-io/tailscale supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.itunified-io/tailscale do?: io.github.itunified-io/tailscale provides 19 tools: tailscale_device_list, tailscale_device_get, tailscale_device_delete, tailscale_device_authorize, tailscale_device_routes_get and 14 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.itunified-io/tailscale?: io.github.itunified-io/tailscale is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.itunified-io/tailscale actively maintained?: io.github.itunified-io/tailscale is recently maintained — last commit was 39 days ago.