Delv
CommunityActive· 15d4.3by pab1it0

Prometheus MCP

Queries and analyses Prometheus metrics for observability workflows, packaged as a container image.

View repo
C
Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer40
Permissions75
Supply chain45
Transparency65
Incidents100

Prometheus MCP is a community-built server from solo developer pab1it0 that queries Prometheus metrics via PromQL. It's read-only against your monitoring stack, which limits blast radius, but requires network access to your Prometheus endpoint and reads environment variables for configuration. The Docker-only distribution sidesteps language dependency issues but introduces container supply-chain concerns: you're pulling from GitHub Container Registry without npm or PyPI's review ecosystem, and there's no package versioning or signed releases. The maintainer appears to be a single individual with no established track record in the MCP ecosystem. Transparency is moderate—the repo is open source with basic documentation—but there's no changelog, no issue tracker activity, and minimal community validation. No security incidents are known, but the narrow bus factor and opaque supply chain warrant caution in production environments.

Lethal Trifecta (prompt-injection exposure)

TWO OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Metric labels and series can carry attacker strings if exporters are misconfigured. Mostly 2/3.

Green flags

  • Read-only queries limit potential damage to monitoring infrastructure
  • Open source repository allows code inspection before deployment
  • Scoped to single domain: metrics querying via PromQL
  • Container packaging isolates dependencies from host system

Red flags

  • Solo maintainer with no established reputation or community validation
  • Docker-only distribution bypasses standard package registry review processes
  • No versioning scheme or signed container images in ghcr.io
  • Requires network access to internal Prometheus endpoints
  • No changelog, minimal docs, thin issue tracker activity

Permissions requested

Outbound networkPrivate networkRead env
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

docker run ghcr.io/pab1it0/prometheus-mcp-server:latest
Env vars needed: PROMETHEUS_URL

Review

Prometheus MCP bridges Claude to your metrics stack, letting you query time-series data and debug alerts without leaving the chat. Point it at a Prometheus endpoint via environment variable, and you can ask Claude to pull CPU usage for the last hour, explain why a particular alert fired, or generate PromQL queries from plain English. It's packaged as a container image, which is both convenient (no Python dependency hell) and slightly awkward (you need Docker running locally). I'd reach for this when I'm triaging an incident and want to quickly correlate metrics across services without opening Grafana in fifteen tabs. The PromQL generation is genuinely useful if you're rusty on the syntax or working with unfamiliar metric names. Ask Claude to 'show me 95th percentile latency for the checkout service over the last 24 hours' and it'll construct the query, run it, and explain the results. The capacity planning use case is less obvious but works well for trend analysis, like projecting when you'll hit disk capacity based on current growth rates. Quirks: it's a community project, so expect rough edges. The repo doesn't document which Prometheus API endpoints it hits, and there's no mention of authentication beyond basic URL configuration. If your Prometheus instance requires OAuth or mutual TLS, you'll need to sort that yourself. The container approach means you're running a persistent service rather than a lightweight CLI tool, which feels heavy for something that just wraps HTTP calls. On the plus side, it works with Claude Desktop, Claude Code, and Cursor out of the box, assuming you can configure MCP servers in those hosts. Skip this if you're not already running Prometheus, obviously. Also skip if you're on a team where everyone already speaks fluent PromQL and has Grafana dashboards dialled in. This is for developers who want conversational access to metrics without context-switching, or for on-call engineers who need to explore unfamiliar systems quickly. The Docker dependency might be a deal-breaker in locked-down environments.
Verdict

Install this if you're debugging production issues in a Prometheus-monitored stack and want Claude to handle the query syntax. Skip if you're fluent in PromQL or don't have Docker handy. Best suited for incident response and exploratory metric analysis.

Good at

  • Turns plain English into working PromQL queries, which saves time when you're rusty on the syntax.
  • Container packaging means no Python version conflicts or local dependency installation.
  • Works across Claude Desktop, Claude Code, and Cursor without host-specific fiddling.
  • Genuinely useful for incident response when you need to correlate metrics quickly without opening Grafana.

Watch out

  • Requires Docker running locally, which adds overhead for what's essentially an HTTP wrapper.
  • No documented support for authenticated Prometheus endpoints, so OAuth or mutual TLS setups are on you.
  • Community project with sparse documentation on which API endpoints it uses or how errors are handled.
  • Overkill if your team already has Grafana dashboards and everyone knows PromQL.

Use cases

  • metric exploration
  • alert debugging
  • PromQL generation
  • capacity planning

Getting started

1. Run `docker run ghcr.io/pab1it0/prometheus-mcp-server:latest` to pull the image and start the container. You'll need Docker installed and running. 2. Set the `PROMETHEUS_URL` environment variable to point at your Prometheus instance, e.g., `http://localhost:9090`. 3. Add the server to your Claude Desktop or Cursor MCP config. The exact JSON structure varies by host, but you'll reference the container endpoint. 4. Ask Claude something like 'show me memory usage for all pods in the last hour' to verify it can query your metrics. 5. Watch out for authentication. If your Prometheus requires tokens or certificates, you'll need to configure those separately, and the docs don't cover it.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs