umami-analytics-mcp
Security-first Umami analytics MCP (cloud + self-hosted v3) with least-privilege, credential-safe reporting and admin.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for umami-analytics-mcp, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
umami-analytics-mcp is a security-first MCP server for Umami analytics (Cloud and self-hosted v3), offering analytics, reporting and administration built around least privilege and credential-safe design, with explicit flags to enable write/admin/destructive actions. Security surface: it holds Umami API keys and can be escalated to admin/write, so those opt-in flags are the primary control.
Key features
- Least-privilege default config
- Analytics and reporting tools
- Opt-in write/admin/destructive flags
- Cloud and self-hosted support
Use cases
- Report website analytics via an agent
- Administer a self-hosted Umami instance