// SCAN REPORT

UniFi MCP

29 tools. 10 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
19 read-only
29 tools total

Community server · catalogue entry verified 12/06/2026

How to control UniFi MCP ↓

TOOL MAP

What UniFi MCP exposes to your agents

Read (19) Write / Execute (9) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous UniFi MCP tools

Destructive · High forget_client This tool permanently deletes historical data associated with a client device or user. Execute · High restart_device Restarting a device is an Execute-class action that disrupts network services, potentially affecting multiple clients and operations. Execute · Medium start_spectrum_scan This tool executes an operation on network hardware (RF spectrum scan on an access point) whose effects depend on which access point is targeted as an argument. Execute · High authorize_guest On UniFi controllers, authorizing a guest grants network access through the guest portal/captive portal.

10 of UniFi MCP's 29 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control UniFi MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and UniFi MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "forget_client": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "unblock_client": {
    "limits": [
      {
        "counter": "unblock_client_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_alarms": {
    "limits": [
      {
        "counter": "get_alarms_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register UniFi MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON UNIFI →

Free to start. No card required.

FULL CATALOGUE

All 29 UniFi MCP tools

DESTRUCTIVE 1 tools
Destructive forget_client Remove historical data for a client (GDPR compliance).
EXECUTE 6 tools
Execute restart_device Restart a UniFi device. Execute start_spectrum_scan Start RF spectrum scan on access point. Execute authorize_guest authorize_guest Execute block_client Block a client from accessing the network. Execute locate_device Trigger locate LED on a UniFi device. Execute reconnect_client Force reconnection of a client device.
WRITE 3 tools
Write unblock_client Unblock a previously blocked client. Write set_client_name set_client_name Write set_client_note set_client_note
READ 19 tools
Read get_alarms Get controller alarms. Read get_clients get_clients Read get_controller_status Get controller system information and status. Read get_device_by_mac Get specific device details by MAC address with formatted output. Read get_devices Get all devices with clean, formatted summaries. Read get_dpi_stats Get Deep Packet Inspection (DPI) statistics. Read get_events Get recent controller events. Read get_firewall_groups Get firewall groups for security management. Read get_firewall_rules Get firewall rules for security audit and management. Read get_ips_events get_ips_events Read get_network_configs Get network/VLAN configurations. Read get_port_configs Get switch port profile configurations. Read get_port_forwarding_rules Get port forwarding rules. Read get_rogue_aps get_rogue_aps Read get_sites Get all controller sites with health information. Read get_spectrum_scan_state Get RF spectrum scan state and results. Read get_speedtest_results Get historical internet speed test results. Read get_static_routes Get static routes for advanced network routing analysis. Read get_wlan_configs Get wireless network (WLAN) configurations.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about UniFi MCP

Can an AI agent delete data through the UniFi MCP server? +

Yes. The UniFi MCP server exposes 1 destructive tools including forget_client. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through UniFi MCP? +

The UniFi MCP server has 3 write tools including unblock_client, set_client_name, set_client_note. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach UniFi MCP.

How many tools does the UniFi MCP server expose? +

29 tools across 4 categories: Destructive, Execute, Read, Write. 19 are read-only. 10 can modify, create, or delete data.

How do I enforce a policy on UniFi MCP? +

Register the UniFi MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every UniFi MCP tool call.

Deterministic rules across all 29 UniFi MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON UNIFI →

Free to start. No card required.

29 UniFi MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.