mcp-synology
MCP server for Synology NAS — modular, secure (2FA-ready), permission-tiered. File management and beyond.
README
<p align="center"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-dark.svg" width="128"> <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-light.svg" width="128"> <img src="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-light.svg" alt="mcp-synology logo" width="128"> </picture> </p>
mcp-synology
MCP server for Synology NAS devices. Exposes Synology DSM API functionality as MCP tools that Claude can use.
<!-- mcp-name: io.github.cmeans/mcp-synology -->
Migrating from synology-mcp
If you're upgrading from synology-mcp (v0.3.x or earlier), the package has been renamed. A migration script handles config, state, keyring entries, and Claude Desktop config automatically:
# Download and run the migration script
curl -O https://raw.githubusercontent.com/cmeans/mcp-synology/main/scripts/migrate-from-synology-mcp.py
python migrate-from-synology-mcp.py # dry run — preview changes
python migrate-from-synology-mcp.py --apply # apply changes
The script migrates:
- Config directory (
~/.config/synology-mcp/→~/.config/mcp-synology/) - State directory (
~/.local/state/synology-mcp/→~/.local/state/mcp-synology/) - Keyring credentials
- Claude Desktop
claude_desktop_config.json(updates command and paths)
See CHANGELOG.md for full details on breaking changes.
Supported Modules
File Station
Browse, search, transfer, and manage files on your NAS. 14 tools across two permission tiers:
- READ — list_shares, list_files, list_recycle_bin, search_files, get_file_info, get_dir_size, download_file
- WRITE — create_folder, rename, copy_files, move_files, delete_files, restore_from_recycle_bin, upload_file
System
Monitor NAS health and resource utilization. 2 read-only tools:
- get_system_info — model, firmware version, RAM, temperature, uptime (works for all users)
- get_resource_usage — live CPU load, memory usage, disk I/O, network throughput (requires admin account)
Features
- Interactive setup — guided configuration that creates your config, stores credentials, handles 2FA, and emits a Claude Desktop snippet
- Permission tiers — READ or WRITE per module, enforced at tool registration
- 2FA support — auto-detected; device token bootstrap with automatic silent re-auth
- Secure credentials — OS keyring integration that works transparently on macOS, Windows, and Linux (including from Claude Desktop). See docs/credentials.md.
- Multi-NAS — manage multiple NAS devices with separate configs, credentials, and state
Quick Start
1. Run setup
uvx mcp-synology setup
Requires uv. uvx downloads and runs the latest version automatically — no separate install step needed.
Setup will prompt for your NAS host, credentials, and preferences. If your account has 2FA enabled, it will prompt for an OTP code and store a device token for automatic future logins.
At the end, it prints a Claude Desktop JSON snippet ready to copy-paste.
2. Add to Claude Desktop
Copy the snippet from setup into your claude_desktop_config.json and restart Claude Desktop. It will look something like:
{
"mcpServers": {
"synology-nas": {
"command": "uvx",
"args": ["mcp-synology", "serve", "--config", "~/.config/mcp-synology/nas.yaml"]
}
}
}
The config file name (e.g., nas.yaml) also serves as a natural identifier for the connection — you can name it to match your NAS (e.g., home-nas.yaml, office-nas.yaml).
On Linux, the server auto-detects the D-Bus session socket for keyring access. If auto-detection fails, add "env": {"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/<uid>/bus"} to the Claude Desktop config. The setup command includes this in the generated snippet.
3. Verify
uvx mcp-synology check # Validates credentials work
uvx mcp-synology setup --list # Shows all configured NAS instances
Alternative: global install
If you prefer a persistent install (avoids download on each invocation):
uv tool install mcp-synology
mcp-synology setup
mcp-synology check
Alternative: env-var-only mode
No config file needed if SYNOLOGY_HOST is set. This is useful for Docker or CI environments:
{
"mcpServers": {
"synology": {
"command": "uvx",
"args": ["mcp-synology", "serve"],
"env": {
"SYNOLOGY_HOST": "192.168.1.100",
"SYNOLOGY_USERNAME": "your_user",
"SYNOLOGY_PASSWORD": "your_password"
}
}
}
}
Or from the CLI:
SYNOLOGY_HOST=192.168.1.100 uvx mcp-synology check
2FA Support
mcp-synology fully supports DSM accounts with two-factor authentication. It's auto-detected — you don't need to configure anything special:
- Bootstrap —
mcp-synology setupdetects 2FA, prompts for your OTP code, and stores a device token in the keyring - Silent re-auth — subsequent logins use the device token automatically (no OTP prompts)
- Per-instance — each NAS config gets its own device token, so mixed 2FA/non-2FA setups work fine
Device tokens persist until you explicitly revoke them in DSM (Personal > Security > Sign-in Activity). They do not expire on their own. If a token is revoked, run mcp-synology setup again to re-bootstrap.
Keyring & Credentials
Credentials are stored in the OS keyring and accessed transparently:
| Platform | Backend | Notes |
|---|---|---|
| macOS | Keychain | Just works |
| Windows | Credential Manager | Just works |
| Linux | GNOME Keyring / KWallet | Auto-detects D-Bus session, works from Claude Desktop |
Credential resolution order: env vars > config file > keyring. Explicit sources override the implicit default.
For environments without a keyring (Docker, CI), use environment variables or inline credentials in the config file.
See docs/credentials.md for keyring service names, multi-NAS setup, and how to inspect/remove stored credentials.
Updates
mcp-synology checks for updates and notifies you in your Claude Desktop conversation — the first tool response in each session will include a notice if a newer version is available on PyPI.
To manage updates from the CLI:
mcp-synology --check-update # Check for a newer version
mcp-synology --auto-upgrade enable # Auto-upgrade on each interactive run
mcp-synology --revert # Roll back to previous version
mcp-synology --revert 0.1.0 # Roll back to a specific version
To disable update notifications, add to your config (top level):
# ~/.config/mcp-synology/config.yaml
check_for_updates: false
Configuration
Interactive setup creates a config file for you. For manual configuration or advanced options, see examples/:
config-minimal.yaml— simplest possible configconfig-power-user.yaml— HTTPS, custom timeouts, logging, instructionsconfig-docker.yaml— environment-variable-driven
Multi-NAS
Each NAS gets its own config file, credentials, and Claude Desktop entry. The config file name serves as a natural identifier (e.g., home-nas.yaml, media-server.yaml).
Set alias to give Claude a display name for the connection:
# ~/.config/mcp-synology/home-nas.yaml
alias: HomeNAS
The alias appears in the MCP server name (e.g., synology-HomeNAS) so Claude knows which NAS it's talking to.
Custom Instructions
Custom instructions let you shape how Claude interacts with your NAS tools. This is useful when:
- Multiple NAS connections — tell Claude which connection to prefer for different tasks ("use this for media, use admin for cross-user operations")
- Safety guardrails — add rules like "always confirm before deleting" or "never touch /Backups"
- Context — explain what's on the NAS ("this is a media server, /video has our library sorted by genre")
Add context — custom_instructions is prepended to the built-in prompt (higher priority):
# ~/.config/mcp-synology/config.yaml
custom_instructions: |
This is the admin NAS with elevated privileges.
Prefer this connection for file operations requiring cross-user access.
Never delete files from /Backups without explicit confirmation.
Full control — instructions_file replaces the built-in prompt entirely. Copy the built-in server.md as a starting point:
# ~/.config/mcp-synology/config.yaml
instructions_file: ~/.config/mcp-synology/my-instructions.md
Both support template variables: {display_name}, {instance_id}, {host}, {port}.
Debugging
Two ways to enable debug logging:
mcp-synology check --verbose # --verbose flag on setup/check
SYNOLOGY_LOG_LEVEL=debug mcp-synology serve # env var, works for all commands
Or set it persistently in your config file:
# ~/.config/mcp-synology/config.yaml
logging:
level: debug
file: ~/.local/state/mcp-synology/nas/server.log # optional, logs to stderr by default
Debug output includes every DSM API request/response (passwords masked), credential resolution steps, config discovery, version negotiation, and module registration decisions.
Contributing
See DEVELOPMENT.md for build commands, testing, integration test setup, and design docs.
Acknowledgements
This project was built using a Spec-First Coding approach — a human-AI collaboration model where design precedes implementation and specs are the contract between the two.
Unlike vibe coding, where you describe what you want and let the AI generate code on the fly, spec-first coding treats design as a separate, deliberate phase. The four specs in docs/specs/ were developed through extended conversation — exploring trade-offs, rejecting alternatives, and documenting decisions with rationale. Implementation then used the specs as the source of truth across 11 build phases.
Live testing against real hardware revealed behaviors the specs couldn't anticipate (DSM API quirks, search service throttling, version format incompatibilities). These discoveries are documented in CLAUDE.md and the code, which is authoritative where specs diverge.
License
<picture> <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-dark.svg" width="24"> <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-light.svg" width="24"> <img src="https://raw.githubusercontent.com/cmeans/mcp-synology/main/src/mcp_synology/icons/mcp-synology-logo-light.svg" alt="" width="24" align="top"> </picture> © 2026 Chris Means
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。