Model Context Protocol moderate risk

Grafana

The Grafana MCP server provides a secure interface to manage Grafana instances and related ecosystems, offering read and write access to dashboards, datasources, alerts, and more.

Connections & Capabilities

Connects To

GitHubDockerKubernetes

Capabilities

readwriteexecadmin

Quickstart

Config

{
  "mcpServers": {
    "grafana": {
      "command": "mcp-grafana",
      "args": [],
      "env": {
        "GRAFANA_URL": "http://localhost:3000",
        "GRAFANA_USERNAME": "<your username>",
        "GRAFANA_PASSWORD": "<your password>",
        "GRAFANA_ORG_ID": "2"
      }
    }
  }
}

Exposed MCP Tools (7)

safe

search_dashboards

Find dashboards based on title or other metadata.

Read-only operation, no side effects.

safe

get_dashboard_by_uid

Retrieve full dashboard details using its unique identifier.

Read-only operation, but large dashboards can consume significant context window space.

high

update_or_create_a_dashboard

Modify existing dashboards or create new ones.

Requires full dashboard JSON, potentially leading to unintended modifications or corruption.

safe

query_prometheus

Execute PromQL queries against Prometheus datasources.

Read-only operation, but poorly crafted queries can impact performance.

safe

list_users

View all users in an organization in Grafana.

Read-only operation, but exposes user information.

critical

delete_alert_rules

Remove alert rules by UID.

Destructive operation that can disrupt monitoring and alerting.

moderate

get_panel_image

Render a Grafana dashboard panel or full dashboard as a PNG image.

Requires Grafana Image Renderer, potential for resource exhaustion if abused.

Safety Assessment

The Grafana MCP server's safety depends heavily on configuration. When used with strict RBAC and only necessary tools enabled, it can be relatively safe. However, enabling admin tools or granting broad permissions significantly increases the risk of unintended or malicious actions.

Granular RBAC permissions allow for least-privilege access.
Tools can be selectively enabled or disabled to reduce the attack surface.
Several tools offer read-only access, minimizing potential damage.
Context window management strategies help limit exposure of sensitive data.

Many tools allow write operations, potentially leading to unintended modifications.
Admin tools, if enabled, grant extensive control over the Grafana instance.
Improperly configured RBAC can lead to privilege escalation.
Some tools require access to sensitive data, such as dashboard JSON and datasource credentials.