zscaler Plugin
Plugin Claude Code Security Security, Auth & ComplianceCloud, Deployment & CI/CDMonitoring & ObservabilityThe explanation below is AI-generated. Please verify it against the sources.
zscaler-mcp-server is a Model Context Protocol (MCP) server, described on its GitHub homepage, that connects AI agents to the Zscaler Zero Trust Exchange platform. It exposes 402 tools across ten Zscaler services (ZIA, ZPA, ZDX, ZCell, ZMS, ZTW, Z-Insights, ZIdentity, EASM, ZCC) and authenticates to Zscaler using OneAPI credentials. By default the server runs in read-only mode, exposing only list_* and get_* operations; write operations require both the --enable-write-tools flag and a mandatory --write-tools allowlist. According to the README, the project is currently in public preview and under active development, and production deployments are discouraged.
Overview
According to the GitHub README, zscaler-mcp-server is an MCP server for managing Zscaler cloud security products (ZPA, ZIA, ZDX, ZCC, EASM, Z-Insights, and others) via Large Language Models. It runs as a local process (stdio) or over HTTP (sse/streamable-http), can be installed via uvx/pip/uv, run as a Docker container, used as a Python library, or deployed to Azure, Google Cloud, Kubernetes, or Amazon Bedrock AgentCore.
What you can do with zscaler
- List and retrieve Zscaler resources by default (list_*/get_* tools, 110+ read-only tools), e.g. "List my ZPA Application segments" or "Show ZIA firewall rules"
- Enable create/update/delete operations explicitly with --enable-write-tools plus a mandatory --write-tools allowlist (supports wildcards like zpa_create_*)
- Select which services or toolsets are active via --services, --disabled-services, --toolsets, or corresponding environment variables
- Authenticate to Zscaler using OneAPI credentials (ZSCALER_CLIENT_ID, ZSCALER_CLIENT_SECRET or ZSCALER_PRIVATE_KEY, ZSCALER_CUSTOMER_ID, ZSCALER_VANITY_DOMAIN)
- Run the server via stdio, SSE, or streamable-http transport, with optional MCP client authentication (api-key, jwt, zscaler, or OAuth 2.1 via auth= parameter)
- Deploy the server as a Docker container, Python library, or to Azure, Google Cloud, Kubernetes (Helm), or Amazon Bedrock AgentCore
- Integrate with Claude Desktop, Cursor, VS Code, Claude Code, Gemini CLI, or Kiro IDE
Sources
Original description (English)
Manage Zscaler cloud security platform including ZPA (private access), ZIA (internet access), ZDX (digital experience), ZCC (client connector), EASM (attack surface), and Z-Insights (analytics). Create and manage policies, troubleshoot connectivity, audit security configurations, and investigate incidents across the full Zscaler ecosystem.
History of zscaler
- Plugin Added zscaler