Skill

unifi-network

Manages UniFi network infrastructure including devices, clients, firewall, VPN, routing, WLANs, and statistics via 91 MCP server tools with lazy loading, safety gates, and confirmations.

infrastructure

security

npx claudepluginhub sirkirby/unifi-mcp --plugin unifi-network

Tool Access

This skill uses the workspace's default tool permissions.

Preview

You have access to a UniFi Network MCP server that lets you query and manage a UniFi Network Controller. It provides 91 tools covering devices, clients, firewall, VPN, routing, WLANs, statistics, and more.

Supporting Assets

references/network-tools.md

SKILL.md

Similar Skills

unifly

141

Manages Ubiquiti UniFi networks via unifly Rust CLI: VLANs, SSIDs, firewalls, NAT, DHCP, devices, clients, events, stats, DPI, backups.

13 files

unifly

unifi

586

Queries and monitors UniFi networks via local gateway API: lists devices and clients, health status, top DPI apps, recent alerts. For network status checks like 'who's connected' or 'UniFi health'.

9 files

sundial-org-awesome-openclaw-skills-4

firewall-manager

228

Manages UniFi firewall policies using natural language to create, modify, review rules, content filters, and traffic policies. Applies templates for IoT isolation, guest lockdown, and time-based controls.

9 files

unifi-network

Stats

Parent Repo Stars228

Parent Repo Forks42

Last CommitMar 25, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

UniFi Network MCP Server

Tool Discovery

The server uses lazy loading by default — only meta-tools are registered initially. Use them to find and call any tool:

Meta-Tool	Purpose
`unifi_tool_index`	List all 91 tools with full parameter schemas
`unifi_execute`	Call any tool by name (essential in lazy mode)
`unifi_batch`	Run multiple tools in parallel
`unifi_batch_status`	Check async batch job status

Workflow: Call unifi_tool_index to find the right tool, then unifi_execute to call it. For multiple independent queries, use unifi_batch — it's significantly faster than sequential calls.

Safety Model

The server is "secure by default" because it controls real network infrastructure.

Read operations — always available. All list_*, get_*, and query tools work without special permissions.

Mutations — permission-gated with mixed defaults:

Enabled by default: firewall policies, port forwards, traffic routes, QoS rules, VPN clients, ACL rules, vouchers, user groups
Disabled by default (high-risk): networks, WLANs, devices, clients, routes, VPN servers
Delete operations — always disabled by default

If a mutation fails with a permission error, tell the user the env var to set: UNIFI_POLICY_NETWORK_<CATEGORY>_<ACTION>=true

Confirmation flow — every mutation uses preview-then-confirm:

Default call → returns preview of what would change
Call with confirm=true → executes the mutation

Always preview first and show the user before confirming.

Response Format

All tools return: {"success": true, "data": ...}, {"success": false, "error": "..."}, or {"success": true, "requires_confirmation": true, "preview": ...}. Always check success first.

Device Classification

unifi_list_devices returns a device_category field that accurately classifies devices:

ap — real access points (excludes USP Smart Power strips that report as uap type)
switch — switches
gateway — UDM/USG gateways
pdu — smart power strips, UPS devices
wan — cable internet (UCI) devices

Use device_category (not type) when counting or filtering devices. The device_type filter parameter uses this classification.

Additional enriched fields: upgradable (bool), connection_network (VLAN name), uplink (topology), load_avg_1, mem_pct, model_eol.

Efficiency Tips

Batch reads — unifi_batch for parallel queries (biggest efficiency win)
unifi_lookup_by_ip — faster than listing all clients when you know the IP
Use filters — most list tools accept time range, type, and ID parameters
unifi_get_top_clients — fastest way to find bandwidth hogs
Check health first — unifi_get_network_health for quick "is everything OK?"
Device counts — use device_category field, not type, for accurate AP/switch/PDU counts

Authentication

Username and password are required (local admin credentials, not Ubiquiti SSO). API key support exists but is experimental — limited to read-only operations and a subset of tools.

To configure, run /unifi-network:setup or set env vars manually:

UNIFI_NETWORK_HOST=192.168.1.1
UNIFI_NETWORK_USERNAME=admin
UNIFI_NETWORK_PASSWORD=your-password

Other UniFi Servers

If the user also has cameras or door access control, other UniFi MCP plugins are available:

unifi-protect — security cameras, NVR, recordings, smart detections
unifi-access — door locks, credentials, visitors, access policies

Cameras and access readers appear as network clients — use unifi_lookup_by_ip to cross-reference if troubleshooting connectivity for those devices.

Tool Reference

For the complete list of all 91 tools organized by category with descriptions, tips, and common scenarios, read references/network-tools.md.