Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

sirkirby/unifi-network-setup

Name: unifi-network-setup
Author: sirkirby

plugins/unifi-network/skills/unifi-network-setup/SKILL.md

npx skillsauth add sirkirby/unifi-network-mcp unifi-network-setup

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Set Up UniFi Network MCP Server

Walk the user through configuring their UniFi Network controller connection. Ask one question at a time and wait for the answer before continuing.

Interaction Rules

Use the client target that matches the current agent runtime:

Claude Code: claude
Codex: codex
OpenClaw: openclaw

If the runtime is unclear, ask which client to configure. For questions, use the platform's blocking question tool when available (AskUserQuestion in Claude Code, request_user_input in Codex). If no blocking question tool is available, ask in chat with numbered options and wait for the user's reply.

On macOS and Linux, resolve setup scripts relative to this skill file:

../../scripts/check-prereqs.sh
../../scripts/set-env.sh

When the host exposes a plugin-root variable such as CLAUDE_PLUGIN_ROOT, using $CLAUDE_PLUGIN_ROOT/scripts/... is also valid. Do not assume the current shell directory is the plugin root.

On Windows with Claude Code, use ../../scripts/set-env.ps1 for the final Claude settings write. On Windows with Codex, call codex mcp add directly with the same env variables if Bash is unavailable. On Windows with OpenClaw, call openclaw mcp set directly with a JSON object containing command, args, and env if Bash is unavailable.

Step 0: Check Prerequisites

Before asking for credentials, run:

bash <path-to-plugin>/scripts/check-prereqs.sh --target <claude|codex|openclaw> "unifi-network"

If the script exits non-zero, stop and report the error. Do not proceed to credentials.

Step 1: Controller Host

Ask: "What is your UniFi controller's IP address or hostname?" Example: 192.168.1.1.

Step 2: Credentials

Ask for:

Username, using a local admin account, not a Ubiquiti SSO account
Password

Username and password are required.

Optional API Key

After collecting username and password, explain that UniFi API key support is experimental and limited to read-only operations and a subset of tools. Ask whether to configure an API key too.

If yes, ask for the API key and include UNIFI_NETWORK_API_KEY. If no, skip it.

Step 3: Optional Settings

Ask whether to use defaults or customize:

Defaults: port 443, site default, SSL verification false, lazy tool loading
Customize: ask for port, site, SSL verification, and tool registration mode

Step 4: Permission Configuration

Ask whether to enable write permissions:

Read-only for now
Enable common write permissions: firewall, port forwards, QoS, traffic routes, VPN clients
Enable all write permissions except delete operations
Custom categories

Collect any selected policy variables. Use the existing UNIFI_POLICY_NETWORK_<CATEGORY>_<ACTION>=true format.

Step 5: Write Configuration

On macOS/Linux, run the target-aware setup script with only values the user provided or selected:

bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
  UNIFI_NETWORK_HOST=<host> \
  UNIFI_NETWORK_USERNAME=<username> \
  UNIFI_NETWORK_PASSWORD=<password>

Add optional values and policy variables to the same command, for example:

bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
  UNIFI_NETWORK_HOST=<host> \
  UNIFI_NETWORK_USERNAME=<username> \
  UNIFI_NETWORK_PASSWORD=<password> \
  UNIFI_NETWORK_API_KEY=<api-key> \
  UNIFI_POLICY_NETWORK_FIREWALL_UPDATE=true

The script handles the client-specific write:

Claude target: merges env vars into .claude/settings.local.json
Codex target: replaces the unifi-network MCP server via codex mcp add --env ... -- uvx ...
OpenClaw target: replaces the unifi-network MCP server via openclaw mcp set ...

Step 6: Final Message

For Claude Code, tell the user:

"Configuration saved to .claude/settings.local.json. Restart Claude Code or run /reload-plugins, then confirm the plugin is enabled with /plugin."

For Codex, tell the user:

"Codex MCP server unifi-network configured. Restart Codex so the updated MCP server is loaded."

For OpenClaw, tell the user:

"OpenClaw MCP server unifi-network configured. Restart the OpenClaw Gateway so the updated MCP server is loaded."

sirkirby/unifi-network-setup

plugins/unifi-network/skills/unifi-network-setup/SKILL.md

Configure the UniFi Network MCP server for Claude Code, Codex, or OpenClaw — set controller host, credentials, and permissions

337 stars

tools

Updated May 15, 2026

$ install --global

skillsauth

npx skillsauth add sirkirby/unifi-network-mcp unifi-network-setup

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 15, 2026, 4:26 AM55.7s1 file scanned

SKILL.md

name:: unifi-network-setup
description:: Configure the UniFi Network MCP server for Claude Code, Codex, or OpenClaw — set controller host, credentials, and permissions
allowed-tools:: Read, Bash, AskUserQuestion

Set Up UniFi Network MCP Server

Walk the user through configuring their UniFi Network controller connection. Ask one question at a time and wait for the answer before continuing.

Interaction Rules

Use the client target that matches the current agent runtime:

Claude Code: claude
Codex: codex
OpenClaw: openclaw

On macOS and Linux, resolve setup scripts relative to this skill file:

../../scripts/check-prereqs.sh
../../scripts/set-env.sh

When the host exposes a plugin-root variable such as CLAUDE_PLUGIN_ROOT, using $CLAUDE_PLUGIN_ROOT/scripts/... is also valid. Do not assume the current shell directory is the plugin root.

Step 0: Check Prerequisites

Before asking for credentials, run:

bash <path-to-plugin>/scripts/check-prereqs.sh --target <claude|codex|openclaw> "unifi-network"

If the script exits non-zero, stop and report the error. Do not proceed to credentials.

Step 1: Controller Host

Ask: "What is your UniFi controller's IP address or hostname?" Example: 192.168.1.1.

Step 2: Credentials

Ask for:

Username, using a local admin account, not a Ubiquiti SSO account
Password

Username and password are required.

Optional API Key

After collecting username and password, explain that UniFi API key support is experimental and limited to read-only operations and a subset of tools. Ask whether to configure an API key too.

If yes, ask for the API key and include UNIFI_NETWORK_API_KEY. If no, skip it.

Step 3: Optional Settings

Ask whether to use defaults or customize:

Defaults: port 443, site default, SSL verification false, lazy tool loading
Customize: ask for port, site, SSL verification, and tool registration mode

Step 4: Permission Configuration

Ask whether to enable write permissions:

Read-only for now
Enable common write permissions: firewall, port forwards, QoS, traffic routes, VPN clients
Enable all write permissions except delete operations
Custom categories

Collect any selected policy variables. Use the existing UNIFI_POLICY_NETWORK_<CATEGORY>_<ACTION>=true format.

Step 5: Write Configuration

On macOS/Linux, run the target-aware setup script with only values the user provided or selected:

bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
  UNIFI_NETWORK_HOST=<host> \
  UNIFI_NETWORK_USERNAME=<username> \
  UNIFI_NETWORK_PASSWORD=<password>

Add optional values and policy variables to the same command, for example:

bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
  UNIFI_NETWORK_HOST=<host> \
  UNIFI_NETWORK_USERNAME=<username> \
  UNIFI_NETWORK_PASSWORD=<password> \
  UNIFI_NETWORK_API_KEY=<api-key> \
  UNIFI_POLICY_NETWORK_FIREWALL_UPDATE=true

The script handles the client-specific write:

Claude target: merges env vars into .claude/settings.local.json
Codex target: replaces the unifi-network MCP server via codex mcp add --env ... -- uvx ...
OpenClaw target: replaces the unifi-network MCP server via openclaw mcp set ...

Step 6: Final Message

# Clone the repo
git clone https://github.com/sirkirby/unifi-network-mcp.git

# Copy into Claude Code skills folder (global)
cp -r unifi-network-mcp/plugins/unifi-network/skills/unifi-network-setup ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

sirkirby/unifi-network-mcp

337 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT