= FRITZ!Box MCP Server :toc: macro :toclevels: 3 :sectnums:
Control your FRITZ!Box router through AI assistants like Claude using natural language.
link:README-de.adoc[🇩🇪 Deutsche Version] | link:COMPARISON.adoc[Comparison with Other Solutions] | link:CHANGELOG.adoc[Changelog]
https://mcpservers.org/servers/kambriso/fritzbox-mcp-server[image:https://img.shields.io/badge/Listed%20on-mcpservers.org-0066cc?style=for-the-badge&logo=anthropic[Listed on mcpservers.org]]
https://github.com/kambriso/fritzbox-mcp-server/actions/workflows/build.yml[image:https://github.com/kambriso/fritzbox-mcp-server/actions/workflows/build.yml/badge.svg[Build]] https://github.com/kambriso/fritzbox-mcp-server/releases/latest[image:https://img.shields.io/github/v/release/kambriso/fritzbox-mcp-server[Release]] https://gitlab.com/kambriso/fritzbox-mcp-server/-/pipelines[image:https://gitlab.com/kambriso/fritzbox-mcp-server/badges/main/pipeline.svg[Pipeline]] image:https://img.shields.io/badge/SLSA-Level%203-green[SLSA Level 3] image:https://img.shields.io/github/license/kambriso/fritzbox-mcp-server[License] image:https://img.shields.io/github/go-mod/go-version/kambriso/fritzbox-mcp-server[Go Version]
toc::[]
== Introduction
=== What is this?
This MCP server lets you interact with your FRITZ!Box router using AI assistants. Ask questions in plain language, analyze your network, manage devices, troubleshoot issues, and configure settings without touching the web interface.
=== How it works (Security Architecture)
image::arch.svg[Architecture Diagram]
The MCP server runs on your computer and acts as a secure bridge between AI agents (which run in the cloud) and your FRITZ!Box (which stays completely local).
Your FRITZ!Box credentials are stored locally in a .env file on your computer.
The MCP server uses these credentials to communicate with your FRITZ!Box over your local network only.
The AI agent receives only the results (like "3 devices connected" or "Router uptime: 5 days"), never your credentials or direct access to your router.
Critical security features:
- Your FRITZ!Box never needs internet exposure
- No ports need to be opened
- No cloud connection to your router
- Credentials stay on your computer
- All router communication happens on your local network only
=== Why use this?
Works with ALL FRITZ!Box models and firmware versions. When AVM releases new features or models, this server adapts automatically. No updates needed.
Unlike other solutions that break with firmware updates or only work with specific models, this server discovers your router's capabilities in real-time.
== User Guide
=== Quick Start
==== 1. Installation
===== Automated Installation (Linux/macOS - Recommended)
Download and install with automatic checksum verification:
[source,bash]
curl -fsSL https://raw.githubusercontent.com/kambriso/fritzbox-mcp-server/main/install.sh | sh
The installer will:
- Detect your platform (OS and architecture) automatically
- Download the latest release from GitHub
- Verify SHA256 checksums for security
- Install to
~/.local/bin/fritz-mcp - Make the binary executable
[TIP]
Customize installation:
[source,bash]
Install specific version
FRITZBOX_MCP_VERSION=<tag> curl -fsSL https://raw.githubusercontent.com/kambriso/fritzbox-mcp-server/main/install.sh | sh
Install to custom directory
FRITZBOX_MCP_INSTALL_DIR=/usr/local/bin curl -fsSL https://raw.githubusercontent.com/kambriso/fritzbox-mcp-server/main/install.sh | sh
====
===== Manual Installation (All platforms)
Get the binary for your system from https://github.com/kambriso/fritzbox-mcp-server/releases[Releases]:
Linux:: fritz-mcp-linux-amd64.tar.xz or fritz-mcp-linux-arm64.tar.xz
macOS:: fritz-mcp-darwin-amd64.tar.xz or fritz-mcp-darwin-arm64.tar.xz
Windows:: fritz-mcp-windows-amd64.zip or fritz-mcp-windows-arm64.zip
Extract the archive and make it executable (Linux/macOS): [source,bash]
tar -xJf fritz-mcp-linux-amd64.tar.xz chmod +x fritz-mcp
Windows: Extract the ZIP file.
==== 2. Interactive Setup
The easiest way to configure your FRITZ!Box is using the interactive setup mode. This will automatically discover your router on the network and guide you through the configuration process.
[source,bash]
./fritz-mcp --setup
The setup mode will:
- Discover: Find FRITZ!Box devices using SSDP on your local network.
- Identify: Automatically detect the Mesh Master (gateway).
- Configure: Prompt for your host, username, password, and TLS preference.
- Secure: Save credentials to a .env file with 0600 permissions (read/write only by you).
==== 3. FRITZ!Box User Permissions
Your FRITZ!Box user needs full settings access.
In the FRITZ!Box web interface (http://fritz.box):
- Go to System → FRITZ!Box-Benutzer → [Your User] → Berechtigungen
- Enable: "FRITZ!Box-Einstellungen" (or "The user can view and edit all FRITZ!Box settings")
==== 4. Configure your MCP client
For Windows and macOS, Claude Desktop is the most direct option.
As of June 15, 2026, Anthropic does not provide an official Claude Desktop app for Linux.
On Linux, use any MCP-compatible client or editor integration that can launch a local stdio server and add fritz-mcp there with the same command shown below.
Claude Desktop config paths:
Windows:: %APPDATA%\Claude\claude_desktop_config.json
macOS:: ~/Library/Application Support/Claude/claude_desktop_config.json
Add the server:
[source,json]
{ "mcpServers": { "fritzbox": { "command": "/path/to/fritz-mcp" } } }
[TIP]
Windows: C:\\Users\\YourName\\path\\to\\fritz-mcp.exe (note the double backslashes)
macOS/Linux with automated install: ~/.local/bin/fritz-mcp
macOS/Linux with manual install: Absolute path to where you placed the binary, e.g. /Users/yourname/bin/fritz-mcp
Restart your MCP client after config changes.
=== What can you do?
==== Ask Questions
"What's my external IP address?"
"Show me all connected devices"
"How long has the router been running?"
"What's my current internet speed?"
"Is my WiFi secure?"
==== Analyze Your Network
"Analyze my network health and tell me if everything looks good"
Claude will check your connection quality, identify issues, explain patterns in your logs, and provide recommendations.
Example response: [source,text]
Network Health Analysis
Connection: Healthy ✓
- Speed: 112 / 37 Mbit/s (down/up)
- Signal quality: Excellent
- No errors detected
Daily Reconnections at 04:00: This is normal. Your ISP enforces 24-hour session limits. FRITZ!Box reconnects proactively to avoid forced disconnection.
One DSL resync on Dec 7 at 12:52: Single event, recovered in 4 minutes. Monitor for recurring patterns, but not concerning as an isolated incident.
Overall: Network operating optimally.
==== Manage Devices
"Show all WiFi devices"
"Which devices are using the most bandwidth?"
"List unknown devices in my network"
"Prioritize my laptop's bandwidth - I have a video call"
==== Parental Controls & Scheduling
"Block the Nintendo Switch in 20 minutes"
"Disable internet for all gaming devices during work hours"
"Enable guest WiFi at 6 PM for the party"
==== Troubleshooting
"Why is my internet slow?"
"Check if there are any connection problems"
"Show me recent disconnections"
=== Examples
==== Network Health Check
Prompt: "Analyze my network health and check if everything is running optimally"
Claude autonomously:
- Queries device info and uptime
- Checks connection status and stability
- Analyzes line quality and error rates
- Reviews logs for patterns
- Distinguishes normal behavior from issues
- Provides recommendations
==== Device Inventory
Prompt: "Show me all devices - which are online and are there any unknown devices?"
Claude:
- Lists all registered devices
- Categorizes by status (online/offline)
- Groups by connection type (WiFi/Ethernet)
- Identifies unknown or suspicious devices
- Provides security analysis
==== Time-Delayed Actions
Prompt: "Block the gaming console in 20 minutes"
Claude schedules the action to execute automatically, even after you close the chat.
This uses the server's CLI mode for persistent background execution.
=== Troubleshooting
==== Cannot connect to FRITZ!Box
Check that your router is reachable: [source,bash]
ping fritz.box
Verify credentials in .env file.
Ensure your FRITZ!Box user has full settings permission enabled.
==== Your MCP client doesn't see the server
If you use Claude Desktop on Windows or macOS, verify the path in claude_desktop_config.json is absolute and correct.
On Linux, verify the command/path in your MCP client's server configuration is absolute and correct.
Windows users: Use double backslashes in paths.
Restart your MCP client after config changes.
==== Permission errors
Your FRITZ!Box user needs "FRITZ!Box-Einstellungen" permission enabled. See configuration section above.
=== Privacy & Security
All communication stays on your local network.
Your credentials are stored locally in a .env file and used only to communicate with your FRITZ!Box.
The AI receives only the results of operations, never your credentials.
No cloud services. No external servers. Everything runs locally.
==== Binary Verification
Independent VirusTotal scans confirm the binaries are clean:
- https://www.virustotal.com/gui/file/3137edfa6438276495399ccdeb58751f1205d38426dbb827969dba299e5a731a[linux-amd64]
- https://www.virustotal.com/gui/file/ace64b3d9dcb47476407938cfc010e888d481da49185c7f392901303d99786ed[linux-arm64]
- https://www.virustotal.com/gui/file/65fb7ccad5d7e83210a788d1fc3e4b9a69c1dbaee2af81ada82fdb0474c26e36[darwin-arm64]
- https://www.virustotal.com/gui/file/c4b0d05b2a4d60bb34d149974779d7115d31f4568dadd4843e6c5b3e275c5c17[windows-amd64]
==== Supply chain Levels for Software Artifacts (SLSA)
This project provides https://slsa.dev[SLSA] (Supply chain Levels for Software Artifacts) provenance for all release binaries. SLSA provenance cryptographically attests that binaries were built from specific source code by a trusted builder.
Two independent proofs are available:
- SHA256SUMS - Cross-forge reproducibility (same source produces identical binaries on GitLab and GitHub)
- SLSA provenance - Supply chain attestation (proves binary origin and build process)
===== GitLab (SLSA Level 2)
GitLab releases include SLSA Level 2 provenance via artifacts-metadata.json.
Verification:
[source,bash]
Download binary and SLSA metadata
glab release download <tag> -R kambriso/fritzbox-mcp-server
-n 'fritz-mcp-linux-amd64' -n 'artifacts-metadata.json' # <1>
Examine provenance
cat artifacts-metadata.json | jq '.predicateType'
Output: "https://slsa.dev/provenance/v1"
Verify artifact digest matches
sha256sum fritz-mcp-linux-amd64
Compare with digest in artifacts-metadata.json subjects
<1> The git tag to verify, e.g., v0.7.7
Alternatively, use the Makefile target:
[source,bash]
make verify-slsa-gitlab-linux-amd64 SLSA_TAG=<tag>
The provenance includes:
- In-toto statement format (
https://in-toto.io/Statement/v0.1) - SLSA v1 predicate with build definition
- SHA256 digests for all artifacts
- GitLab CI environment parameters
===== GitHub (SLSA Level 3)
GitHub releases include SLSA Level 3 provenance via the https://github.com/slsa-framework/slsa-github-generator[slsa-github-generator].
Verification using slsa-verifier:
[source,bash]
Download binary and provenance
gh release download <tag> -R kambriso/fritzbox-mcp-server
-p 'fritz-mcp-linux-amd64' -p '*.intoto.jsonl'
Verify provenance
go run github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@latest
verify-artifact fritz-mcp-linux-amd64
--provenance-path multiple.intoto.jsonl
--source-uri github.com/kambriso/fritzbox-mcp-server
--source-tag <tag> # <1>
<1> The git tag to verify, e.g., v0.7.7
Alternati
…