Hetzner MCP Server

40 tools. 23 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

23 can modify or destroy data
17 read-only
40 tools total

Community server · catalogue entry verified 02/07/2026

How to control Hetzner MCP Server ↓

What Hetzner MCP Server exposes to your agents

Read (17) Write / Execute (16) Destructive / Financial (7)
Critical Risk

The most dangerous Hetzner MCP Server tools

23 of Hetzner MCP Server's 40 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Hetzner MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Hetzner MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "hetzner_create_storage_box": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "hetzner_delete_server": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "hetzner_attach_volume": {
    "limits": [
      {
        "counter": "hetzner_attach_volume_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "hetzner_detach_volume": {
    "limits": [
      {
        "counter": "hetzner_detach_volume_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Hetzner MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON HETZNER →

Instant setup, no code required.

All 40 Hetzner MCP Server tools

WRITE 13 tools
Write hetzner_attach_volume Attach a Cloud Volume to a server. The server must be in the same location as the volume. The volume must be Write hetzner_change_storage_box_protection Enable or disable delete protection for a Storage Box. When delete protection is enabled, the Storage Box can Write hetzner_change_storage_box_type Upgrade or downgrade a Storage Box plan. ⚠️ WARNING: Downgrading to a smaller plan may cause data loss if cur Write hetzner_create_server Create a new server. Required parameters: - name: Server name (letters, digits, hyphens) - server_type: Insta Write hetzner_create_ssh_key Add a new SSH public key to the project. The SSH key can then be used when creating servers to enable SSH acc Write hetzner_create_storage_box_snapshot Trigger an on-demand snapshot for a Storage Box. Optional \ Write hetzner_create_storage_box_subaccount Create a new subaccount for a Storage Box. The subaccount gets an auto-generated username (e.g., u12345-sub1) Write hetzner_disable_storage_box_snapshot_plan Disable the automatic snapshot schedule for a Storage Box. Write hetzner_enable_storage_box_snapshot_plan Enable an automatic snapshot schedule for a Storage Box. Schedule options: - Daily: set hour (0-23), leave da Write hetzner_reset_storage_box_password Reset the password for a Storage Box. Password policy: minimum 12 characters, must include uppercase, lowerca Write hetzner_update_storage_box Update a Storage Box (rename, change labels, or toggle auto-delete). Write hetzner_update_storage_box_access_settings Update protocol access settings for a Storage Box (SSH, Samba, WebDAV, ZFS, external reachability). Write hetzner_update_storage_box_subaccount Update access settings or comment for a Storage Box subaccount.
READ 17 tools
Read hetzner_detach_volume Detach a Cloud Volume from its server. ⚠️ Ensure the volume is unmounted inside the OS before detaching to av Read hetzner_get_server Get detailed information about a specific server. Read hetzner_get_server_metrics Get real-time performance metrics for a server (CPU, disk I/O, network). Queries the Hetzner Metrics API and Read hetzner_get_server_ram Query a server Read hetzner_get_ssh_key Get details of a specific SSH key by ID. Read hetzner_get_storage_box Get detailed information about a specific Storage Box. Read hetzner_get_volume Get detailed information about a specific Cloud Volume. Useful for confirming the actual mount path (\ Read hetzner_list_images List available OS images for creating servers. Returns system images (operating systems) like Ubuntu, Debian, Read hetzner_list_locations List available datacenter locations. Returns all Hetzner datacenter locations where you can create servers: - Read hetzner_list_server_types List all available server types (instance sizes) with their specs and pricing. Returns information about avai Read hetzner_list_servers List all servers in the project. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} pages × ${CL Read hetzner_list_ssh_keys List all SSH keys in the project. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} pages × ${C Read hetzner_list_storage_box_folders List top-level folders inside a Storage Box. Read hetzner_list_storage_box_snapshots List snapshots for a specific Storage Box. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} pa Read hetzner_list_storage_box_subaccounts List subaccounts for a specific Storage Box. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} Read hetzner_list_storage_boxes List Storage Boxes in the account. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} pages × ${ Read hetzner_list_volumes List all Cloud Volumes in the project. By default fetches all pages (cap: ${PAGINATION_HARD_CAP_PAGES} pages

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Hetzner MCP Server

Can an AI agent move money through the Hetzner MCP Server MCP server? +

Yes. The Hetzner MCP Server server exposes 1 financial tools including hetzner_create_storage_box. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Hetzner MCP Server MCP server? +

Yes. The Hetzner MCP Server server exposes 6 destructive tools including hetzner_delete_server, hetzner_delete_ssh_key, hetzner_delete_storage_box. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Hetzner MCP Server? +

The Hetzner MCP Server server has 13 write tools including hetzner_attach_volume, hetzner_change_storage_box_protection, hetzner_change_storage_box_type. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Hetzner MCP Server.

How many tools does the Hetzner MCP Server MCP server expose? +

40 tools across 4 categories: Destructive, Execute, Read, Write. 17 are read-only. 23 can modify, create, or delete data.

How do I enforce a policy on Hetzner MCP Server? +

Register the Hetzner MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Hetzner MCP Server tool call.

Deterministic rules across all 40 Hetzner MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

40 Hetzner MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.