selfhosted-doctor
Read-only MCP that scans Docker Compose, Cloudflare Tunnel and .env files for security risks in self-hosted homelabs.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for selfhosted-doctor, derived from its capabilities.
AIVSS 6.3 ยท Medium
View MAESTRO 7-layer threat model โOverview
selfhosted-doctor is a read-only MCP server that scans Docker Compose files, Cloudflare Tunnel config and .env files for security risks in self-hosted homelab setups. Security surface: to do its job it reads .env files containing secrets, so those values pass through the server (and potentially into the agent's context) during a scan.
Key features
- Docker Compose risk scanning
- Cloudflare Tunnel config checks
- .env secret/misconfig detection
- Read-only local scans
Use cases
- Audit a homelab for misconfigurations
- Spot exposed secrets in compose/.env