grocy-mcp
by daniel-iliesh
Overview
Provides an LLM-friendly API layer over the Grocy REST API, enabling structured tools for managing stock, shopping lists, recipes, chores, and tasks within a Home Assistant environment.
Installation
uv run python server.pyEnvironment Variables
- GROCY_API_URL
- GROCY_API_KEY
- HA_TOKEN
Security Notes
The server uses a fully open CORS policy (`allow_origins=["*"]`), which is explicitly mentioned as being for 'browser-based MCP Inspector'. While this might be acceptable for a strictly local and isolated development/testing environment, exposing a server with such a permissive CORS policy to any network, especially the internet, presents a significant security risk. It could enable Cross-Site Request Forgery (CSRF) or data exfiltration from other websites. The authentication mechanism using Home Assistant's ingress session tokens and Grocy API keys from environment variables is good practice for credential management, but the open CORS undermines overall security for broader deployment. Errors from the Grocy API are also logged in detail, which could potentially expose sensitive information if not handled securely in production logs.
Similar Servers
HowToCook-mcp
Provides an AI assistant with tools for recipe lookup, meal planning, and food recommendations.
ha-mcp
Provides AI agents with complete control over Home Assistant via REST and WebSocket APIs, offering a comprehensive suite of tools for smart home management, automation, and debugging.
rohlik-mcp
Enhances LLMs with grocery shopping capabilities across Rohlik Group's online services.
advanced-homeassistant-mcp
A powerful, secure, and extensible Model Context Protocol (MCP) server that enables AI assistants like Claude, GPT, and Cursor to seamlessly interact with Home Assistant. Control your lights, climate, automations, and more through natural language commands.