UniFi MCP Server

19 tools. 5 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

5 can modify or destroy data
14 read-only
19 tools total

Community server · catalogue entry verified 30/06/2026

How to control UniFi MCP Server ↓

What UniFi MCP Server exposes to your agents

Read (14) Write / Execute (4) Destructive / Financial (1)
Critical Risk

The most dangerous UniFi MCP Server tools

5 of UniFi MCP Server's 19 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control UniFi MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and UniFi MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "unifi-port-profile-delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "unifi-port-profile-create": {
    "limits": [
      {
        "counter": "unifi-port-profile-create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "unifi-auth-status": {
    "limits": [
      {
        "counter": "unifi-auth-status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register UniFi MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON UNIFI →

Instant setup, no code required.

All 19 UniFi MCP Server tools

READ 14 tools
Read unifi-auth-status Check UniFi authentication status and controller connectivity. Read unifi-bandwidth-audit Generate per-room bandwidth audit for all switches. Shows port name (room identifier), bandwidth limits, activ Read unifi-client-detail Get detailed info for a specific client by MAC address. Read unifi-client-history Get all known clients (including offline). Shows historical client data from the controller database. Read unifi-client-list List all active clients connected to the network. Optionally filter by wired/wireless. Read unifi-device-detail Get detailed info for a specific UniFi device by MAC address. Includes ports, firmware, uptime. Read unifi-device-list List all UniFi devices (switches, APs, gateways). Returns name, model, IP, state, firmware for each device. Read unifi-device-ports List all ports on a switch with status, speed, PoE, connected devices, and assigned port profile. Read unifi-firewall-policies List firewall policies from the v2 API. These may include traffic rules with bandwidth limits. Raw response fo Read unifi-network-detail Get full details of a specific network by ID. Returns all configuration including DHCP ranges. Read unifi-network-list List all configured networks (VLANs, corporate, guest). Shows name, subnet, VLAN, and DHCP settings. Read unifi-port-profile-detail Get full details of a specific port profile by ID. Returns raw API response for schema discovery. Read unifi-port-profiles List all port profiles (bandwidth/VLAN configs). Shows name, bandwidth limits, and forwarding mode. Read unifi-traffic-routes List traffic routes/rules. Returns raw API response for schema discovery — use this to investigate bandwidth_l

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about UniFi MCP Server

Can an AI agent delete data through the UniFi MCP Server MCP server? +

Yes. The UniFi MCP Server server exposes 1 destructive tools including unifi-port-profile-delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through UniFi MCP Server? +

The UniFi MCP Server server has 3 write tools including unifi-port-profile-create, unifi-port-profile-update, unifi-port-set-profile. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach UniFi MCP Server.

How many tools does the UniFi MCP Server MCP server expose? +

19 tools across 3 categories: Destructive, Read, Write. 14 are read-only. 5 can modify, create, or delete data.

How do I enforce a policy on UniFi MCP Server? +

Register the UniFi MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every UniFi MCP Server tool call.

Deterministic rules across all 19 UniFi MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

19 UniFi MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.