Safe Tp Link Omada Mcp
@gaspareduard
About Safe Tp Link Omada Mcp
Security-first MCP server for TP-Link Omada, with a stdio-first runtime, capability-gated tools, and OpenAPI-based network automation.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"safe-omada": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"OMADA_BASE_URL=https://your-omada-controller.local",
"-e",
"OMADA_CLIENT_ID=your-client-id",
"-e",
"OMADA_CLIENT_SECRET=your-client-secret",
"-e",
"OMADA_OMADAC_ID=your-omadac-id",
"-e",
"OMADA_SITE_ID=your-site-id",
"-e",
"OMADA_STRICT_SSL=true",
"ghcr.io/ailivesinterminal/omada-mcp:latest"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Safe Tp Link Omada Mcp?
A security-focused MCP server for TP-Link Omada Open API workflows. It provides a controlled, auditable interface to manage Omada controllers, sites, devices, and clients through MCP tools.
How to use Safe Tp Link Omada Mcp?
Configure environment variables (OMADA_BASE_URL, OMADA_CLIENT_ID, etc.) and run via Docker with Claude Desktop or directly. Alternatively, install locally with npm install, build, and start. The server communicates over stdio by default; HTTP is available only as an explicitly unsafe lab mode.
Key features of Safe Tp Link Omada Mcp
- Production-safe baseline using stdio transport.
- Omada credentials managed exclusively via environment variables.
- Capability profiles and category gating control tool exposure.
- Destructive tool confirmation gate for irreversible operations.
- Auditable mutation summaries on write actions.
- Validated against Omada Controller 5.x/6.x Open API surface.
Use cases of Safe Tp Link Omada Mcp
- List and manage Omada sites, devices, and clients programmatically.
- Monitor network health and client activity statistics.
- Perform controlled write operations like rebooting devices or blocking clients.
- Automate routine network administration with safety guards.
FAQ from Safe Tp Link Omada Mcp
What environment variables are required?
OMADA_BASE_URL, OMADA_CLIENT_ID, OMADA_CLIENT_SECRET, and OMADA_OMADAC_ID are required. OMADA_SITE_ID is optional.
What is the default capability profile?
The default profile is safe-read, which grants read-only operational visibility. Other profiles include ops-write, admin, and compatibility.
How does the destructive tool confirmation work?
Tools like restoreController require confirmDangerous: true. Without it, the tool returns a warning instead of executing. This gate is effective in conversational AI sessions but does not prevent autonomous agents from bypassing it.
Is HTTP transport supported?
HTTP is not part of the supported production baseline. It only starts when both MCP_SERVER_USE_HTTP=true and MCP_UNSAFE_ENABLE_HTTP=true are set, and is intended only for local lab/debug scenarios.
How do I run Safe Tp Link Omada Mcp with Docker?
Pull the image from ghcr.io/gaspareduard/omada-mcp:latest, then add a server entry in your Claude Desktop MCP config with the required environment variables and run command.

Comments