// SCAN REPORT

Nornir MCP Server

26 tools. 2 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

Last updated:

2 can modify or destroy data
24 read-only
26 tools total

Community server · catalogue entry verified 12/06/2026

How to control Nornir MCP Server ↓

TOOL MAP

What Nornir MCP Server exposes to your agents

Read (24) Write / Execute (2) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Nornir MCP Server tools

Execute · Medium traceroute This tool executes a network diagnostic command (traceroute) on network devices. Execute · High send_command Although the description claims 'read-only' and 'validated', the tool actively executes commands on live network devices via Nornir/NAPALM.

2 of Nornir MCP Server's 26 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Nornir MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Nornir MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "get_arp_table": {
    "limits": [
      {
        "counter": "get_arp_table_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Nornir MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON NORNIR →

Free to start. No card required.

FULL CATALOGUE

All 26 Nornir MCP Server tools

EXECUTE 2 tools
Execute traceroute Execute the traceroute command from the device to the specified destination. Execute send_command Send a validated read-only command or list of commands to the device.
READ 24 tools
Read get_arp_table Get the device's ARP (Address Resolution Protocol) table. Read get_bgp_config Retrieve BGP configuration from the device. Read get_bgp_neighbors Get a summary of BGP (Border Gateway Protocol) neighbors. Read get_bgp_neighbors_detail Obtain a detailed view of all BGP neighbors. Read get_config Use NAPALM to retrieve device configurations (running, startup, or candidate). Read get_facts Retrieve high-level facts and information about the device (e.g., vendor, model, serial number, OS version). Read get_interfaces Get a list of all network interfaces on the device. Read get_interfaces_counters Retrieve detailed RX/TX counters for all interfaces. Read get_interfaces_ip Get IP address information for all interfaces. Read get_ipv6_neighbors_table Retrieve the IPv6 Neighbor Discovery (NDP) table. Read get_lldp_neighbors Get a summary of LLDP (Link Layer Discovery Protocol) neighbors. Read get_lldp_neighbors_detail Obtain a detailed view of all LLDP neighbors. Read get_mac_address_table Get the device's MAC address table (forwarding database). Read get_network_instances Retrieve a list of network instances (e.g., VRFs). Read get_ntp_peers Get the status of NTP (Network Time Protocol) peers. Read get_ntp_servers Retrieve the list of configured NTP servers. Read get_ntp_stats Get NTP synchronization statistics. Read get_optics Retrieve diagnostics for optical modules (e.g., SFP, QSFP). Read get_probes_config Get configuration for any monitoring probes or tests running on the device. Read get_snmp_information Retrieve basic SNMP (Simple Network Management Protocol) configuration. Read get_users Get locally configured users on the device. Read get_vlans Retrieve the VLAN database from the device. Read is_alive Check health and reachability of the device management interface. Read list_all_hosts Return a minimal discovery list containing only the inventory device_name.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Nornir MCP Server

Is the Nornir MCP Server MCP server safe to use without restrictions? +

The Nornir MCP Server server is primarily read-only with 24 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Nornir MCP Server MCP server expose? +

26 tools across 3 categories: Execute, Read, Write. 24 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on Nornir MCP Server? +

Register the Nornir MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Nornir MCP Server tool call.

Deterministic rules across all 26 Nornir MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON NORNIR →

Free to start. No card required.

26 Nornir MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.