一键导入
unifi-access-setup
Configure the UniFi Access MCP server for Claude Code, Codex, or OpenClaw — set controller host, credentials, API key, and permissions
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Configure the UniFi Access MCP server for Claude Code, Codex, or OpenClaw — set controller host, credentials, API key, and permissions
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
How to manage UniFi Access door control — locks, credentials, visitors, access policies, and events. Use this skill when the user mentions UniFi Access, door locks, door access, building access, NFC cards, PIN codes, visitor passes, access policies, access schedules, door readers, or any UniFi Access task.
How to manage UniFi network infrastructure — devices, clients, firewall, VPN, routing, WLANs, Traffic Flows, and statistics. Use this skill when the user mentions UniFi, Ubiquiti, network management, WiFi configuration, firewall rules, port forwarding, VPN, QoS, bandwidth, traffic flows, connected clients, network devices, or any UniFi networking task.
How to manage UniFi Protect cameras and NVR — view cameras, smart detections, Find Anything detection search, recordings, snapshots, lights, sensors, Known Faces, license plates, and the Alarm Manager. Use this skill when the user mentions UniFi cameras, security cameras, NVR, recordings, motion detection, person detection, vehicle search, face recognition, Known Faces, license plates, snapshots, RTSP streams, floodlights, sensors, chimes, arming/disarming the alarm, or any UniFi Protect task.
Use this skill when reviewing or merging any community PR in unifi-mcp — even if the user just says "take a look at this PR" or "can we merge this." Covers the quality gate checklist (f-string logger ban, Ruff lint, validator registration, doc site update ordering), the fork-edit model for trusted contributors, org-fork push limitations, dual-subagent review, PR body standards, live smoke tests, mutating cycles, the unresponsive-first-time-contributor fork-edit exception, and the close-and-redirect pattern. Also covers community infrastructure setup (.github/ health files, issue routing, bug report template design) and evidence-first bug triage protocol. Apply this skill before approving any externally-authored PR, before running the merge command, when auditing merged PRs retroactively, and when setting up community engagement infrastructure.
Activate this skill when running, interpreting, extending, or debugging the live hardware smoke test harness in `scripts/live_smoke.py`. Covers all aspects of manifest-driven live testing against real UniFi hardware: .env credential setup, tool classification tiers, --phase flag selection to bound blast radius, the human-in-the-loop confirmation gate for mutations, artifact interpretation in live-smoke-results/, adding new tools to the harness, and recognizing known API contract failure patterns that mock-based CI cannot catch. Apply this skill even if the user doesn't explicitly ask about the harness — activate whenever a PR requires live smoke evidence, a new tool category needs coverage, or an API contract mismatch is suspected. CRITICAL: Treat live smoke as a PRE-MERGE BLOCKING GATE when code changes API response parsing (new fields, filtering logic, payload normalization).
Apply this skill when implementing a new UniFi resource type end-to-end across all layers — manager class, tool layer, domain models, tests, API REST/GraphQL exposure, and action dispatcher integration. Covers: manager CRUD with 405 workarounds, V2 API response normalization, domain Pydantic models and field validation, tool modules with preview/confirm flow, typed action input models for non-CRUD operations, test suites at both layers, manifest generation, Strawberry GraphQL type registration, cursor-based pagination for list endpoints, render-hint conventions, HTTP error contracts (409 for capability mismatch), ManagerFactory multi-controller concurrency, the multi-surface Phase 8 CI gate, field-symmetry migration procedure, update tool fetch-merge-put pattern, mutation tool registration, DISPATCH_ARG_TRANSLATORS action dispatcher wiring, and dual-surface Protect governance. Activates for any task that introduces new resource support across the manager/tool/API boundary.
| name | unifi-access-setup |
| description | Configure the UniFi Access MCP server for Claude Code, Codex, or OpenClaw — set controller host, credentials, API key, and permissions |
| allowed-tools | Read, Bash, AskUserQuestion |
Walk the user through configuring their UniFi Access controller connection. Ask one question at a time and wait for the answer before continuing.
Use the client target that matches the current agent runtime:
claudecodexopenclawIf the runtime is unclear, ask which client to configure. For questions, use the platform's blocking question tool when available (AskUserQuestion in Claude Code, request_user_input in Codex). If no blocking question tool is available, ask in chat with numbered options and wait for the user's reply.
On macOS and Linux, resolve setup scripts relative to this skill file:
../../scripts/check-prereqs.sh../../scripts/set-env.shWhen the host exposes a plugin-root variable such as CLAUDE_PLUGIN_ROOT, using $CLAUDE_PLUGIN_ROOT/scripts/... is also valid. Do not assume the current shell directory is the plugin root.
On Windows with Claude Code, use ../../scripts/set-env.ps1 for the final Claude settings write. On Windows with Codex, prefer the native PowerShell prereq script and call codex mcp add directly with the same env variables if Bash is unavailable. On Windows with OpenClaw, call openclaw mcp set directly with a JSON object containing command, args, and env if Bash is unavailable. Do not run the Bash prereq script on Windows unless the user explicitly asks to use a Bash environment.
Before asking for credentials, run the prereq checker for the current OS.
On macOS/Linux:
bash <path-to-plugin>/scripts/check-prereqs.sh --target <claude|codex|openclaw> "unifi-access"
On Windows PowerShell:
powershell -ExecutionPolicy Bypass -File <path-to-plugin>/scripts/check-prereqs.ps1 -Target <claude|codex|openclaw> -PluginName "unifi-access"
If the script exits non-zero, stop and report the error. Do not proceed to credentials.
Ask: "What is your UniFi controller's IP address or hostname?" Example: 192.168.1.1.
If another UniFi MCP server is already configured, ask whether Access is on the same controller. For Claude, existing values may be in .claude/settings.local.json. For Codex, existing values may be visible through codex mcp list and codex mcp get <server>. For OpenClaw, existing values may be visible through openclaw mcp list and openclaw mcp show <server>.
Access supports two auth paths:
Ask whether the user wants API key only, username/password only, or both. Recommend both when they want full Access management.
For username/password, ask for:
For API key, ask for the key and include UNIFI_ACCESS_API_KEY.
At least one auth path is required.
Ask whether to use defaults or customize:
443, Access API port 12445, SSL verification false, lazy tool loadingAsk whether to enable write permissions. By default, Access mutations are disabled for credentials, visitors, policies, and door controls.
Options:
Collect any selected policy variables. Use the existing UNIFI_POLICY_ACCESS_<CATEGORY>_<ACTION>=true format.
On macOS/Linux, run the target-aware setup script with only values the user provided or selected:
bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
UNIFI_ACCESS_HOST=<host> \
UNIFI_ACCESS_API_KEY=<api-key> \
UNIFI_ACCESS_USERNAME=<username> \
UNIFI_ACCESS_PASSWORD=<password>
Add optional values and policy variables to the same command, for example:
bash <path-to-plugin>/scripts/set-env.sh --target <claude|codex|openclaw> \
UNIFI_ACCESS_HOST=<host> \
UNIFI_ACCESS_API_KEY=<api-key> \
UNIFI_ACCESS_USERNAME=<username> \
UNIFI_ACCESS_PASSWORD=<password> \
UNIFI_ACCESS_API_PORT=12445 \
UNIFI_POLICY_ACCESS_VISITORS_CREATE=true
The script handles the client-specific write:
.claude/settings.local.jsonunifi-access MCP server via codex mcp add --env ... -- uvx ...unifi-access MCP server via openclaw mcp set ...For Claude Code, tell the user:
"Configuration saved to .claude/settings.local.json. Restart Claude Code or run /reload-plugins, then confirm the plugin is enabled with /plugin."
For Codex, tell the user:
"Codex MCP server unifi-access configured. Restart Codex so the updated MCP server is loaded."
For OpenClaw, tell the user:
"OpenClaw MCP server unifi-access configured. Restart the OpenClaw Gateway so the updated MCP server is loaded."