mcp-server-uyuni

The server implements strong security practices including opt-in write capabilities via environment variables (`UYUNI_MCP_WRITE_TOOLS_ENABLED`) and a custom `@write_tool` decorator, detailed API error handling, and a confirmation flow for potentially destructive actions. It explicitly warns about the security risks of running with `http` transport without OAuth 2.0 authentication (`UYUNI_AUTH_SERVER`) and the trust-based nature of the `confirm` parameter (recommending elicitation as a more robust alternative). Sensitive credentials (Uyuni API user/pass, SSH private key) are loaded from environment variables. The SSH private key for the `add_system` tool is passed to the main Uyuni server for connection, not used directly by the MCP server itself, which helps mitigate direct exposure risk. Potential security risks primarily stem from misconfiguration (e.g., enabling write tools or HTTP transport without proper authentication in an untrusted network environment) rather than inherent flaws in the server's security design.