VERIFIED

Zenml

Safety: 55/100

0.0(0)

The ZenML MCP server provides access to ZenML metadata and pipeline execution, enabling LLMs to interact with and manage ML workflows. Triggering pipelines and accessing secrets pose the highest risks.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

The ZenML MCP server is relatively safe for read-only operations. The greatest risks come from triggering pipelines and accessing secrets. Proper ZenML access controls and monitoring are essential to mitigate these risks.

Performance depends on the ZenML server's responsiveness and network latency. Large queries or log retrievals may take longer.

Cost depends on the underlying ZenML server's infrastructure and resource usage. Triggering pipelines consumes resources and may incur costs.

HybridPython42 starsMITReleased 1/28/2026CI/CD

Connections & Capabilities

Connects To

GitHubSlackDocker

Capabilities

ReadWriteExec

Client Compatibility

Claude Desktop

full

Cursor

full

Windsurf

untested

VS Code (Copilot)

full

Quickstart

Install

npx cloudflared tunnel --url http://localhost:8001

Claude Desktop Config

{
    "mcpServers": {
        "zenml": {
            "command": "/usr/local/bin/uv",
            "args": ["run", "path/to/zenml_server.py"],
            "env": {
                "LOGLEVEL": "INFO",
                "NO_COLOR": "1",
                "PYTHONUNBUFFERED": "1",
                "PYTHONIOENCODING": "UTF-8",
                "ZENML_STORE_URL": "https://your-zenml-server-goes-here.com",
                "ZENML_STORE_API_KEY": "your-api-key-here"
            }
        }
    }
}

Tools (47)

safe

get_snapshot

Retrieves a specific pipeline snapshot by name or ID.

Read-only access to pipeline configuration metadata.

safe

list_snapshots

Lists available pipeline snapshots, optionally filtered by criteria.

Read-only access to pipeline configuration metadata.

safe

get_deployment

Retrieves the runtime status and URL of a deployment.

Read-only access to deployment metadata.

safe

list_deployments

Lists deployments, optionally filtered by status, pipeline, or tag.

Read-only access to deployment metadata.

safe

get_deployment_logs

Retrieves logs from a deployment, with configurable tail length.

Read-only access to deployment logs (bounded output).

moderate

trigger_pipeline

Triggers a new pipeline run using a snapshot or run template.

Initiates pipeline execution, potentially consuming resources.

safe

get_active_project

Retrieves the currently active project.

Read-only access to project metadata.

safe

get_project

Retrieves project details by name or ID.

Read-only access to project metadata.

safe

list_projects

Lists all projects.

Read-only access to project metadata.

safe

get_tag

Retrieves tag details (exclusive, colors).

Read-only access to tag metadata.

safe

list_tags

Lists tags, optionally filtered by resource type.

Read-only access to tag metadata.

safe

get_build

Retrieves build details (image, code embedding).

Read-only access to build metadata.

safe

list_builds

Lists builds, optionally filtered by criteria.

Read-only access to build metadata.

safe

get_user

Retrieves user details.

Read-only access to user metadata.

safe

list_users

Lists all users.

Read-only access to user metadata.

safe

get_active_user

Retrieves the currently active user.

Read-only access to user metadata.

safe

get_stack

Retrieves stack configuration details.

Read-only access to stack metadata.

safe

list_stacks

Lists all stack configurations.

Read-only access to stack metadata.

safe

get_stack_component

Retrieves stack component details.

Read-only access to stack component metadata.

safe

list_stack_components

Lists stack components.

Read-only access to stack component metadata.

safe

get_flavor

Retrieves component flavor details.

Read-only access to flavor metadata.

safe

list_flavors

Lists component flavors.

Read-only access to flavor metadata.

safe

get_service_connector

Retrieves service connector details.

Read-only access to service connector metadata.

safe

list_service_connectors

Lists service connectors.

Read-only access to service connector metadata.

safe

get_pipeline_run

Retrieves pipeline run details.

Read-only access to pipeline run metadata.

safe

list_pipeline_runs

Lists pipeline runs.

Read-only access to pipeline run metadata.

safe

get_run_step

Retrieves step details for a pipeline run.

Read-only access to step metadata.

safe

list_run_steps

Lists steps for a pipeline run.

Read-only access to step metadata.

safe

get_step_logs

Retrieves logs for a specific step in a pipeline run.

Read-only access to step logs.

safe

get_step_code

Retrieves the source code for a specific step in a pipeline run.

Read-only access to step source code.

safe

list_pipelines

Lists pipeline definitions.

Read-only access to pipeline definitions.

safe

get_pipeline_details

Retrieves details for a specific pipeline.

Read-only access to pipeline details.

safe

get_schedule

Retrieves schedule details.

Read-only access to schedule metadata.

safe

list_schedules

Lists schedules.

Read-only access to schedule metadata.

safe

list_artifacts

Lists artifact metadata.

Read-only access to artifact metadata.

safe

list_secrets

Lists secret names (not values).

Read-only access to secret names.

safe

get_service

Retrieves model service details.

Read-only access to service metadata.

safe

list_services

Lists model services.

Read-only access to service metadata.

safe

get_model

Retrieves model registry entry details.

Read-only access to model metadata.

safe

list_models

Lists model registry entries.

Read-only access to model metadata.

safe

get_model_version

Retrieves model version details.

Read-only access to model version metadata.

safe

list_model_versions

Lists model versions.

Read-only access to model version metadata.

safe

open_pipeline_run_dashboard

Opens an interactive pipeline runs dashboard.

Opens a dashboard within a sandboxed iframe.

safe

open_run_activity_chart

Opens a 30-day run activity bar chart.

Opens a chart within a sandboxed iframe.

safe

stack_components_analysis

Analyzes stack component usage.

Read-only analysis of stack component metadata.

safe

recent_runs_analysis

Analyzes recent pipeline runs.

Read-only analysis of pipeline run metadata.

safe

most_recent_runs

Retrieves the N most recent pipeline runs.

Read-only access to pipeline run metadata.

Security

Auth Method

API Key

Data Locality

hybrid

Known Risks

!Unauthorized pipeline triggering can lead to resource exhaustion or malicious code execution.
!Exposure of service connector credentials could compromise cloud resources.
!Insufficient input validation in tools could lead to injection vulnerabilities.
!Abuse of interactive apps could lead to denial of service.

Safety Score

moderate risk

Positive

+Primarily provides read-only access to ZenML metadata.
+Access to sensitive operations like triggering pipelines can be controlled via ZenML's permission system.
+MCP Apps run in sandboxed iframes.
+Authentication is required via API key or token.

Risks

-Allows triggering pipeline runs, potentially consuming resources or executing unintended code.
-Provides access to service connector credentials and secrets, if exposed within ZenML.
-Some tools allow access to code and logs, which could contain sensitive information.
-Lack of input validation in some tools could lead to unexpected behavior or exploits.

Use Cases

MLOps Automation

-Automated pipeline triggering based on external events.
-Programmatic access to pipeline run metadata for monitoring.
-Orchestration of model deployment workflows.

Data Analysis and Reporting

-Generating reports on pipeline performance and resource utilization.
-Analyzing stack component usage across projects.
-Tracking model lineage and version history.

Interactive Exploration

-Exploring pipeline runs and step details via interactive dashboards.
-Visualizing pipeline activity over time.
-Accessing step logs and code for debugging.

Who Is This For?

Best For

MLOps engineers
Data scientists
AI application developers
Teams using ZenML for pipeline management

Not Ideal For

Environments with strict security requirements prohibiting external API access.
Use cases requiring real-time data access with low latency.
Scenarios where ZenML is not the primary ML platform.

Autonomy & Execution

Default ModeRead-only

Sandboxed

The server primarily provides read-only access, limiting the scope for autonomous actions. Triggering pipelines requires careful consideration of resource consumption and potential side effects.

StatelessYes

Retry LogicNot documented

ConcurrencyNot documented

Production Tip

Monitor pipeline run activity and resource consumption to detect and prevent unauthorized or excessive pipeline triggering.

FAQ

What authentication methods are supported?

API Key or Service Account Token.

How do I trigger a pipeline run?

Use the `trigger_pipeline` tool with a snapshot name or ID.

Can I access the actual data artifacts through this server?

No, only metadata about the artifacts is available.

Are the MCP Apps secure?

Yes, they run in sandboxed iframes.

How can I limit the resources consumed by triggered pipelines?

Configure resource limits within ZenML pipelines.

What is the difference between a snapshot and a run template?

Snapshots are the preferred way to define runnable pipeline configurations. Run templates are deprecated.

How do I enable MCP Apps?

Use Streamable HTTP transport and a publicly reachable URL (e.g., via Docker and Cloudflare Tunnel).

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Zenml - AI Tool Review & Alternatives | Flaex AI