Official (Vendor)Active· 8d★ 4.3by Portainer
Portainer MCP
Official Portainer MCP for managing environments, users, stacks, and running Docker or Kubernetes commands via AI.
B
Safety & Trust
Delv Safety Grade: B
Score 72/100 · assessed 2026-04-28
Maintainer85
Permissions40
Supply chain55
Transparency80
Incidents100
Portainer MCP is the official integration from Portainer.io, a well-established container management platform. The maintainer legitimacy is strong given Portainer's commercial backing and active development community. However, the permissions surface is extremely broad: it grants full Docker and Kubernetes orchestration capabilities, including stack deployment, container execution, user management, and arbitrary command execution across environments. The supply chain is weaker than ideal—installation requires manually downloading a tarball from GitHub releases rather than using a standard package registry, and there's no npm/PyPI distribution with version pinning. The tool is fully open source with reasonable documentation. No known security incidents. This is appropriate for teams already trusting Portainer with their infrastructure, but represents significant privilege escalation if the AI or credentials are compromised.
Lethal Trifecta (prompt-injection exposure)
ONE OF THREEPrivate dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsNo
Can send data outbound
UI on top of Docker. Same risk.
Green flags
- Official vendor integration from established Portainer team
- Open source with visible development on GitHub
- Maps directly to documented Portainer API surface
- No known security incidents or CVEs
- Active commercial backing and maintenance
Red flags
- Full container orchestration access including arbitrary command execution
- Manual tarball install from GitHub releases, no package registry
- Requires API token with broad Portainer permissions
- Can deploy stacks and modify production Kubernetes/Docker environments
- User management capabilities could alter access controls
Permissions requested
Outbound networkAccess secretsShell executeDB writeIdentity write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
curl -Lo portainer-mcp.tar.gz https://github.com/portainer/portainer-mcp/releases/latest
Env vars needed:
PORTAINER_URLPORTAINER_TOKENReview
Portainer MCP connects Claude to your Portainer instance, letting you manage Docker and Kubernetes environments through natural language. You can deploy stacks, query container status, manage users, and run commands across environments without leaving your AI chat. It's the official integration from Portainer themselves, which means it maps cleanly to their API surface.
I'd reach for this if I'm already running Portainer and want to script repetitive admin tasks through Claude. The workflow that clicks: asking Claude to deploy a new stack to a staging environment, then check its health status, all in one conversation. It beats switching between browser tabs and remembering which environment ID maps to which project. The MCP handles authentication via API tokens, so you're not exposing credentials in prompts.
Quirks: it's a binary release, not an npm package, so installation is manual. You download a tarball, extract it, and point your Claude config at the binary. Not hard, but it's a step removed from the usual npx flow. The server expects PORTAINER_URL and PORTAINER_TOKEN as environment variables, which you'll need to generate from your Portainer UI first. Documentation is light on edge cases - I'd have liked more detail on permission scoping for the token.
This is genuinely useful if you manage multiple Portainer environments or run a homelab where you're constantly tweaking stacks. It's less compelling if you're a solo developer with one Docker host and no Portainer installation. The value scales with the complexity of your setup. If you're already paying for Portainer Business, this MCP becomes a force multiplier for team workflows - you can ask Claude to provision environments for new projects or audit user permissions across instances.
Skip it if you don't use Portainer at all, or if you're happy with the web UI for occasional tasks. The setup overhead only pays off if you're doing repetitive container management that benefits from AI assistance.
Verdict
Install this if you're a Portainer user who manages multiple environments or stacks regularly. The natural language interface saves real time on repetitive admin work. Skip it if you're not already invested in Portainer or only touch containers occasionally.
Good at
- Official integration means it tracks Portainer's API properly and won't break on version updates.
- Natural language stack deployment beats clicking through the web UI for repetitive tasks.
- Handles multi-environment setups well - you can switch contexts in conversation without manual navigation.
- Token-based auth keeps credentials out of prompts and logs.
Watch out
- Binary distribution instead of npm means manual installation and updates.
- Documentation is sparse on permission scoping and error handling.
- Only useful if you already run Portainer - it's not a general Docker MCP.
- No built-in safeguards for destructive operations - Claude will delete stacks if you ask it to.
Use cases
- container platform admin
- team environment management
- stack deployment
- homelab orchestration
Getting started
1. Download the latest release: `curl -Lo portainer-mcp.tar.gz https://github.com/portainer/portainer-mcp/releases/latest`, then extract it to a permanent location.
2. Generate an API token from your Portainer UI (User settings > Access tokens) with appropriate permissions for the operations you want Claude to perform.
3. Add the server to your Claude Desktop config with `PORTAINER_URL` set to your instance URL and `PORTAINER_TOKEN` set to the token you just created. Point `command` at the extracted binary path.
4. Restart Claude Desktop, then ask it to list your Portainer environments to verify the connection works.
5. Watch out: the token permissions matter. If Claude can't perform an action, check that your token has the right scope in Portainer's access control settings.
Works with
Claude DesktopClaude CodeCursor
Similar MCPs
- ESXi MCPManages VMware ESXi and vCenter for VM lifecycle and real-time performance monitoring via REST and SSE.
- TerraformHashiCorp's official Terraform MCP. Connects agents to the Terraform Registry for module discovery and infrastructure-as-code automation.
- HerokuHeroku's official MCP. Manage apps, databases, dynos, and pipelines through the platform CLI from inside an agent.
- AWS LabsAWS Labs ships a growing family of MCPs for S3, Lambda, EKS, CDK, etc. Modular install — pick the services you actually use.