Model Context Protocol moderate risk

Victoriametrics

The VictoriaMetrics MCP server provides a Model Context Protocol interface for querying and interacting with VictoriaMetrics instances, enabling monitoring, observability, and debugging.

Connections & Capabilities

Connects To

GitHubSlackDockerKubernetes

Capabilities

readwrite

Quickstart

Install

npx -y

Config

{
  "mcpServers": {
    "victoriametrics": {
      "command": "/path/to/mcp-victoriametrics",
      "env": {
        "VM_INSTANCE_ENTRYPOINT": "<YOUR_VM_INSTANCE>",
        "VM_INSTANCE_TYPE": "<YOUR_VM_INSTANCE_TYPE>",
        "VM_INSTANCE_BEARER_TOKEN": "<YOUR_VM_BEARER_TOKEN>",
        "VM_INSTANCE_HEADERS": "<HEADER>=<HEADER_VALUE>,<HEADER>=<HEADER_VALUE>"
      }
    }
  }
}

Exposed MCP Tools (9)

safe

querying metrics

Retrieves metrics data from VictoriaMetrics based on a given query.

Read-only operation; no data modification.

safe

listing metrics

Lists available metrics stored in VictoriaMetrics.

Read-only operation; no data modification.

moderate

analyzing alerting rules

Analyzes and tests alerting rules defined in VictoriaMetrics.

Can modify alerting rule configurations.

safe

export

Exports data from VictoriaMetrics.

Read-only operation; exports data.

safe

flags

Shows parameters of your VictoriaMetrics instance

Read-only operation; shows parameters.

safe

metric_relabel_debug

Debugging your relabeling rules

Read-only operation; debugging relabeling rules.

safe

downsampling_filters_debug

Debugging your downsampling filters

Read-only operation; debugging downsampling filters.

safe

retention_filters_debug

Debugging your retention policy configurations

Read-only operation; debugging retention policy configurations.

moderate

test_rules

Testing your alerting and recording rules

Can modify alerting and recording rules.

Safety Assessment

The VictoriaMetrics MCP server is relatively safe for read-only operations and data exploration. However, caution should be exercised when using tools that modify alerting rules or other configurations. Ensure proper authentication and authorization are in place to mitigate risks.

Primarily read-only access to VictoriaMetrics data.
Allows disabling specific tools to restrict functionality.
No direct filesystem access or shell execution.
Supports authentication via bearer tokens and API keys.

Exposes VictoriaMetrics instance to potential external access.
Improperly configured rules or queries could lead to resource exhaustion.
Potential for information disclosure if access controls are not properly configured.
Some tools allow modifying alerting and recording rules.