unifi-mcp

Name: unifi-mcp
Author: sirkirby

Verified

MCP servers for the UniFi suite of applications, Network, Protect, Access, and Drive

433stars

64forks

Python

Installation

# Add to your Claude Code skills
git clone https://github.com/sirkirby/unifi-mcp

Getting Started

Guides for using ai agents skills like unifi-mcp.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportVerified

Last scanned: 5/26/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-26T07:46:22.019Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is unifi-mcp?

unifi-mcp is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by sirkirby. MCP servers for the UniFi suite of applications, Network, Protect, Access, and Drive. It has 433 GitHub stars.

Is unifi-mcp safe to use?

Yes. unifi-mcp passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.

How do I install unifi-mcp?

Clone the repository with "git clone https://github.com/sirkirby/unifi-mcp" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is unifi-mcp written in?

unifi-mcp is primarily written in Python. It is open-source under sirkirby on GitHub, so you can review or fork the full source.

Are there alternatives to unifi-mcp?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh unifi-mcp against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

215,726

mcpstore align-dev

UniFi MCP

Leverage agents and agentic AI workflows to manage your UniFi deployment.

Servers

Server	Status	Tools	Package
Network	Stable	177	`unifi-network-mcp`
Protect	Beta	58	`unifi-protect-mcp`
Access	Beta	34	`unifi-access-mcp`

Cloud Relay

Component	Status	Package
Relay Sidecar	Beta	`unifi-mcp-relay`
Worker Gateway	Beta	`unifi-mcp-worker` (CLI)

The relay bridges your local MCP servers to a Cloudflare Worker, letting cloud agents access your UniFi tools without exposing local ports. Supports multi-location with annotation-based fan-out for read-only tools. Deploy the worker with npm install -g unifi-mcp-worker && unifi-mcp-worker install, then see the relay README for connecting your local servers.

REST + GraphQL API (non-MCP)

Component	Status	Package
API Server	Beta	`unifi-api-server` · GHCR image

unifi-api-server is a standalone HTTP service exposing the same UniFi capabilities as the MCP servers, but as a REST + GraphQL API for desktop apps, dashboards, and any consumer that doesn't speak MCP. It runs independently of the MCP servers — both share the unifi-core manager packages, neither depends on the other being running. See apps/api/README.md for quick-start and deployment patterns.

What is this?

UniFi MCP is a collection of Model Context Protocol servers that let AI assistants and automation tools interact with Ubiquiti UniFi controllers. Each server targets a specific UniFi application (Network, Protect, Access) and exposes its functionality as MCP tools — queryable, composable, and safe by default.

MCP Discovery

UniFi MCP keeps the standard MCP path primary: capable clients discover currently registered tools with tools/list and invoke them with tools/call. The default lazy mode keeps initial context small by exposing UniFi meta-tools first, while eager mode registers all selected domain tools directly for clients that prefer a full standard tool list.

The *_tool_index, *_execute, *_batch, and *_load_tools surfaces are UniFi compatibility extensions for large catalogs, lazy loading, and relay workflows. See MCP Discovery and UniFi Meta-Tools for mode-by-mode behavior.

Quick Start

Claude Code (recommended)

Install via the plugin marketplace — includes the MCP server, an agent skill, and guided setup:

/plugin marketplace add sirkirby/unifi-mcp
/plugin install unifi-network@unifi-plugins
/unifi-network:unifi-network-setup

Repeat for Protect or Access if needed:

/plugin install unifi-protect@unifi-plugins
/plugin install unifi-access@unifi-plugins

Each plugin's setup command walks you through connecting to your controller and configuring permissions.

Codex

codex plugin marketplace add sirkirby/unifi-mcp

Launch codex, run /plugins, open the UniFi MCP marketplace, and install unifi-network, unifi-protect, or unifi-access. After installing, ask Codex to run the plugin's setup skill, for example:

Use the unifi-network-setup skill to configure this for Codex.

The setup skill registers the MCP server with codex mcp add, stores the selected environment values in Codex's MCP configuration, and keeps the same preview-before-confirm safety model as Claude Code.

UniFi account requirements

The MCP servers authenticate to the local UniFi controller APIs with a local admin/service account. Do not use a Ubiquiti SSO cloud account for MCP setup. For Network MCP today, accounts that require SSO MFA or local 2FA are not supported through configuration; use a dedicated local admin account without MFA for the service account, scoped to the permissions you are comfortable giving the MCP server.

OpenClaw

OpenClaw can install the same UniFi plugin bundles from the marketplace and map their skills plus MCP server definitions into embedded Pi sessions:

openclaw plugins install unifi-network --marketplace https://github.com/sirkirby/unifi-mcp
openclaw gateway restart

Then run the matching setup skill from OpenClaw (unifi-network-setup, unifi-protect-setup, or unifi-access-setup), or configure the server directly:

openclaw mcp set unifi-network '{
  "command": "uvx",
  "args": ["--python-preference", "system", "unifi-network-mcp@latest"],
  "env": {
    "UNIFI_NETWORK_HOST": "192.168.1.1",
    "UNIFI_NETWORK_USERNAME": "admin",
    "UNIFI_NETWORK_PASSWORD": "your-password"
  }
}'

Repeat with unifi-protect or unifi-access as needed. Restart the OpenClaw Gateway after changing MCP server configuration.

Other MCP clients

Run the servers directly:

uvx unifi-network-mcp@latest
uvx unifi-protect-mcp@latest
uvx unifi-access-mcp@latest

For Claude Desktop, add to your claude_desktop_config.json:

{
  "mcpServers": {
    "unifi-network": {
      "command": "uvx",
      "args": ["unifi-network-mcp@latest"],
      "env": {
        // Server-specific vars take priority; UNIFI_* is the fallback
        "UNIFI_NETWORK_HOST": "192.168.1.1",
        "UNIFI_NETWORK_USERNAME": "admin",
        "UNIFI_NETWORK_PASSWORD": "your-password"
      }
    },
    "unifi-protect": {
      "command": "uvx",
      "args": ["unifi-protect-mcp@latest"],
      "env": {
        "UNIFI_PROTECT_HOST": "192.168.1.1",
        "UNIFI_PROTECT_USERNAME": "admin",
        "UNIFI_PROTECT_PASSWORD": "your-password"
      }
    },
    "unifi-access": {
      "command": "uvx",
      "args": ["unifi-access-mcp@latest"],
      "env": {
        "UNIFI_ACCESS_HOST": "192.168.1.1",
        "UNIFI_ACCESS_USERNAME": "admin",
        "UNIFI_ACCESS_PASSWORD": "your-password"
      }
    }
  }
}

Tip: If all servers connect to the same controller, you can use the shared UNIFI_HOST / UNIFI_USERNAME / UNIFI_PASSWORD variables instead of repeating them per server.

Usage Examples

Once connected, just ask your AI agent in natural language:

Network

"Show me all clients on the Guest VLAN with their signal strength and data usage" "Create a firewall rule that blocks IoT devices from reaching the internet between midnight and 6 AM" "Audit my firewall policies — are there any redundant or conflicting rules?" "Show me the top traffic flows from the last hour and group them by destination"

Protect

"List all cameras that detected motion in the last hour" "Show me smart detection events from the front door camera today — people and vehicles only" "Find driveway detections for white vans this week"

Access

"Who badged into the office today? Show me a timeline of all door access events" "Create a visitor pass for John Smith with access to the main entrance tomorrow 9-5"

Cross-Product (requires relay for full experience)

"Show me everything that happened at the front entrance in the last hour" — correlates Network clients, Protect camera events, and Access badge scans in a single timeline "A switch went offline at 2 AM — was there physical activity nearby?"

All mutations use a preview-then-confirm flow — you see exactly what will change before anything is applied.

Configuration

Set these environment variables (or use a .env file):

Variable	Required	Description
`UNIFI_HOST`	Yes	Controller IP or hostname
`UNIFI_USERNAME`	Yes	Local admin/service account username; do not use a Ubiquiti SSO account
`UNIFI_PASSWORD`	Yes	Password for the local account
`UNIFI_API_KEY`	No	UniFi API key (experimental — limited to read-only, subset of tools)

Multi-controller setups

Each server supports its own prefixed environment variables that take priority over the shared UNIFI_* variables. This lets you point the Network and Protect servers at different controllers (or different credentials) while keeping a single .env file:

Shared (fallback)	Network server	Protect server	Access server
`UNIFI_HOST`	`UNIFI_NETWORK_HOST`	`UNIFI_PROTECT_HOST`	`UNIFI_ACCESS_HOST`
`UNIFI_USERNAME`	`UNIFI_NETWORK_USERNAME`	`UNIFI_PROTECT_USERNAME`	`UNIFI