selfhosted-doctor
Read-only MCP that scans Docker Compose, Cloudflare Tunnel and .env files for security risks in self-hosted homelabs.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for selfhosted-doctor, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
selfhosted-doctor is a read-only MCP server that scans Docker Compose files, Cloudflare Tunnel config and .env files for security risks in self-hosted homelab setups. Security surface: to do its job it reads .env files containing secrets, so those values pass through the server (and potentially into the agent's context) during a scan.
Key features
- Docker Compose risk scanning
- Cloudflare Tunnel config checks
- .env secret/misconfig detection
- Read-only local scans
Use cases
- Audit a homelab for misconfigurations
- Spot exposed secrets in compose/.env