How do I install Elster?

Elster is a local plugin. Install it using npm package: elster-mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Elster safe to use?

Elster was flagged by MCP Marketplace's security scan, scoring 4.2/10 (high risk). It has 2 high or critical findings to review. Review the security report on this page carefully before installing it.

What AI apps work with Elster?

Elster uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Elster MCP Server

by Lukasschwarz

Developer ToolsUse Caution4.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Drive the German tax portal ELSTER via Puppeteer: submit UStVA, prepare EUER/ESt, sync inbox.

About

Drive the German tax portal ELSTER via Puppeteer: submit UStVA, prepare EUER/ESt, sync inbox.

Security Report

4.2

Use Caution4.2High Risk

This MCP server automates the German ELSTER tax portal using Puppeteer and user-provided credentials. While the code demonstrates careful design with explicit confirmation flows before submission and no obvious malicious patterns, there are several security and code quality concerns: sensitive configuration data (certificate paths, passwords, tax numbers) is read from env vars and config files without comprehensive validation; the server performs complex DOM manipulation and field detection with broad CSS selectors and XPath queries that could be fragile or exploited; error handling logs error messages that may contain sensitive details; and permissions (file I/O, network, browser automation) are broad relative to typical developer tools. The explicit confirmation requirement before UStVA submission is a good safeguard, but the overall architecture and handling of credentials warrant caution. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.

4 files analyzed · 11 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

process_spawn

Check that this permission is expected for this type of plugin.

system_info

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Path to a config.json that holds all settings below. Recommended.Optional

Environment variable: ELSTER_CONFIG_PATH

Absolute path to your ELSTER certificate (.pfx).Optional

Environment variable: ELSTER_PFX_PATH

Password for the .pfx certificate.Required

Environment variable: ELSTER_PASSWORD

Your Steuernummer in the format issued by your Finanzamt.Optional

Environment variable: ELSTER_TAX_NUMBER

Two-digit ELSTER federal-state code of your Finanzamt.Optional

Environment variable: ELSTER_STATE_CODE

Last name / company name.Optional

Environment variable: ELSTER_NAME

First name.Optional

Environment variable: ELSTER_FIRST_NAME

Street.Optional

Environment variable: ELSTER_STREET

House number.Optional

Environment variable: ELSTER_HOUSE_NUMBER

ZIP code.Optional

Environment variable: ELSTER_ZIP

City.Optional

Environment variable: ELSTER_CITY

ISO country code, default DE.Optional

Environment variable: ELSTER_COUNTRY

Run Chromium headless (true/false). Default true.Optional

Environment variable: ELSTER_HEADLESS

If 1, skip the EUER pre-hook in ESt sessions.Optional

Environment variable: ELSTER_EST_SKIP_EUR

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-lukasschwarz-elster-mcp-server": {
      "env": {
        "ELSTER_ZIP": "your-elster-zip-here",
        "ELSTER_CITY": "your-elster-city-here",
        "ELSTER_NAME": "your-elster-name-here",
        "ELSTER_STREET": "your-elster-street-here",
        "ELSTER_COUNTRY": "your-elster-country-here",
        "ELSTER_HEADLESS": "your-elster-headless-here",
        "ELSTER_PASSWORD": "your-elster-password-here",
        "ELSTER_PFX_PATH": "your-elster-pfx-path-here",
        "ELSTER_FIRST_NAME": "your-elster-first-name-here",
        "ELSTER_STATE_CODE": "your-elster-state-code-here",
        "ELSTER_TAX_NUMBER": "your-elster-tax-number-here",
        "ELSTER_CONFIG_PATH": "your-elster-config-path-here",
        "ELSTER_EST_SKIP_EUR": "your-elster-est-skip-eur-here",
        "ELSTER_HOUSE_NUMBER": "your-elster-house-number-here"
      },
      "args": [
        "-y",
        "elster-mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

elster-mcp-server

A Model Context Protocol (MCP) server that lets Claude (or any MCP-capable client) drive the German tax portal ELSTER via Puppeteer.

⚖️ Legal Notice / Rechtlicher Hinweis

English

This project is an experimental, community-built tool. It is not affiliated with, endorsed by, or supported by the Bundesministerium der Finanzen, the ELSTER project, or any tax authority.
The official, supported way to submit tax data programmatically is the ERiC library (registration as a software vendor required). This tool instead automates the public ELSTER web portal with a real user session — the same path a human user takes — using credentials YOU provide.
The official ELSTER terms of use ("Nutzungsbedingungen") may restrict automated access to the portal. Whether your specific use is permitted is your responsibility to verify before running this software.
Use at your own risk. The author(s) provide this software AS IS, WITHOUT WARRANTY OF ANY KIND (see LICENSE). The author(s) accept NO liability for incorrect tax submissions, account suspensions, missed deadlines, lost data, or any other consequences arising from the use of this software.
This project is not tax advice (no "Hilfeleistung in Steuersachen" in the sense of § 2 StBerG). If you are unsure whether a submission is correct, consult a Steuerberater.
Operators using this software in a commercial context (e.g. submitting on behalf of third parties) may be subject to the German Steuerberatungsgesetz and must verify their own licensing situation.

Deutsch

Dieses Projekt ist ein experimentelles, von der Community gebautes Werkzeug. Es ist weder vom Bundesministerium der Finanzen noch vom ELSTER-Projekt noch von einer Finanzbehörde unterstützt, autorisiert oder geprüft.
Der offizielle, vom BMF unterstützte Weg zur programmatischen Übermittlung von Steuerdaten ist die ERiC-Bibliothek (Registrierung als Softwarehersteller erforderlich). Dieses Tool nimmt stattdessen den Weg über das öffentliche ELSTER-Webportal — denselben Weg, den ein menschlicher Nutzer per Browser geht — mit Zertifikatsdaten, die DU bereitstellst.
Die offiziellen ELSTER-Nutzungsbedingungen können automatisierten Zugriff auf das Portal einschränken oder verbieten. Es liegt in deiner alleinigen Verantwortung zu prüfen, ob dein konkreter Anwendungsfall erlaubt ist, bevor du dieses Tool nutzt.
Nutzung auf eigenes Risiko. Die Autor:innen stellen die Software OHNE JEGLICHE GEWÄHRLEISTUNG bereit (siehe LICENSE). Die Autor:innen übernehmen keine Haftung für fehlerhafte Steuerübermittlungen, gesperrte Konten, versäumte Fristen, Datenverluste oder sonstige Folgen aus der Nutzung dieser Software.
Dieses Projekt ist keine Steuerberatung im Sinne des § 2 StBerG. In Zweifelsfällen ist ein:e Steuerberater:in zu konsultieren.
Wer diese Software gewerblich einsetzt (z.B. Übermittlung im Auftrag Dritter), unterliegt unter Umständen dem Steuerberatungsgesetz und muss seine Berechtigung selbst sicherstellen.

Practical safeguards built into the tool

The only tool that actually transmits data is elster_ustva_confirm — it requires an explicit second call after elster_ustva_start has paused at AWAITING_CONFIRM. Nothing is sent without that second confirmation.
The EÜR and ESt tools never submit. They only fill the form up to "Prüfen" and stop, so you review and submit yourself in the ELSTER portal.
All sync / history / inbox tools are read-only and never modify state on the ELSTER side.

Features

Tool	What it does	Submits?
`elster_login_test`	Verifies your certificate + password can log in	No
`elster_config_show`	Shows the loaded config (secrets redacted)	No
`elster_kennziffern_list`	Returns the supported UStVA Kennziffern with descriptions	No
`elster_ustva_generate_xml`	Generates a UStVA XML snapshot (archive only)	No
`elster_ustva_detect_reverse_charge`	Detects §13b reverse-charge suppliers	No
`elster_ustva_start`	Logs in, fills, runs Prüfung, then pauses for confirmation	Pauses
`elster_ustva_confirm`	Clicks "Absenden" after you reviewed	Yes
`elster_eur_start`	Fills Anlage EÜR up to Prüfung, then "Speichern und Verlassen"	No
`elster_est_start`	Opens ESt 1 A, fills basics, runs Prüfung, keeps browser open 30 min	No
`elster_sync_history`	Reads "Übermittelte Formulare" (optionally with PDFs)	No
`elster_sync_inbox`	Reads ELSTER inbox (optionally with PDFs)	No
`elster_session_status` / `_list` / `_cancel`	Session management	No

Requirements

Node.js ≥ 18
An ELSTER certificate file (.pfx) — get it from https://www.elster.de → "Mein ELSTER" → "Mein Benutzerkonto" → "Zertifikat verlängern"
The certificate password
Your Steuernummer and Bundesland-Code

Install

git clone https://github.com/YOUR_USERNAME/elster-mcp-server.git
cd elster-mcp-server
npm install
npm run build

Puppeteer will install a bundled Chromium on first install (~150 MB).

Configuration

cp config.example.json config.json
$EDITOR config.json

All keys in config.json can be overridden by environment variables (ELSTER_PFX_PATH, ELSTER_PASSWORD, ELSTER_TAX_NUMBER, ELSTER_STATE_CODE, ELSTER_NAME, ELSTER_FIRST_NAME, ELSTER_STREET, ELSTER_HOUSE_NUMBER, ELSTER_ZIP, ELSTER_CITY, ELSTER_COUNTRY, ELSTER_DOWNLOAD_DIR, ELSTER_SCREENSHOT_DIR, ELSTER_HEADLESS, ELSTER_EST_SKIP_EUR). Env vars win over the file.

You can also point the loader at a different config file via ELSTER_CONFIG_PATH=/path/to/your/config.json.

The two-digit stateCode for your Finanzamt is published by ELSTER — look up the current value in the official ELSTER documentation.

Reverse-Charge supplier list

Add your §13b UStG suppliers under ustva.reverseChargeSuppliers in config.json. Patterns are case-insensitive regexes matched against the voucher's contactName or description. Example entry:

{ "pattern": "your-supplier\\s+ireland", "region": "EU", "name": "Your Supplier Ireland" }

Use with Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "elster": {
      "command": "node",
      "args": ["/absolute/path/to/elster-mcp-server/dist/index.js"],
      "env": {
        "ELSTER_CONFIG_PATH": "/absolute/path/to/elster-mcp-server/config.json"
      }
    }
  }
}

See examples/claude_desktop_config.json for the template.

Use with any MCP client

Run the server in stdio mode:

node dist/index.js

Then connect via your client's MCP transport.

Typical UStVA flow

1. elster_login_test                          → { ok: true }
2. elster_kennziffern_list                    → reference for valid codes
3. elster_ustva_start({                       → { sessionId: "ustva-..." }
     year: 2026,
     period: "Q1",
     report: { "81": 12000, "86": 300, "66": 1845.30 }
   })
4. elster_session_status({ sessionId })       → poll until status == AWAITING_CONFIRM
   (open the screenshot at screenshotPath to verify)
5. elster_ustva_confirm({ sessionId })        → { success: true, ticket: "..." }

Typical EÜR flow

1. elster_login_test
2. elster_eur_start({
     year: 2025,
     data: {
       betriebseinnahmen: 50000,
       fahrzeugkosten: 1200,
       afa: 800,
       homeOffice: 1260
     }
   })
3. elster_session_status (poll until SAVED or AWAITING_REVIEW)
4. open the ELSTER portal in your browser → "Meine Formulare" → review the draft → submit manually

Security notes

Never commit your .env, config.json, or .pfx. They are gitignored by default.
The certificate password is read from env / config and passed to Puppeteer — make sure the host running this server is trusted.
Set ELSTER_HEADLESS=false once to watch the first run and confirm everything is wired correctly.

Limitations

The ELSTER portal selectors can change. If a flow breaks, run with ELSTER_HEADLESS=false and check the screenshots written to ./screenshots/.
The ESt tool is intentionally a thin wrapper — German income-tax forms (Anlage G, V, N, S, KAP …) are dozens of different forms with thousands of fields. This server provides the framework (login, open, fill-by-label-or-id, Prüfen) and leaves the field choices to you.
No XML submission path. Official programmatic submission requires the ERiC library (registration as a software vendor). This server uses the same Online-Formular path that any taxpayer uses.

License

MIT

Contributing

PRs welcome. The most useful additions are:

More robust selectors for changed ELSTER pages
Pre-filled Anlage G / V / N / S templates for ESt
A typed report schema validator for elster_ustva_*

When opening an issue, please run with ELSTER_HEADLESS=false and attach the screenshot under ./screenshots/ that shows the failure.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Elster MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

What You'll Need

How to Install

Documentation

elster-mcp-server

⚖️ Legal Notice / Rechtlicher Hinweis

Features

Requirements

Install

Configuration

Reverse-Charge supplier list

Use with Claude Desktop

Use with any MCP client

Typical UStVA flow

Typical EÜR flow

Security notes

Limitations

License

Contributing

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

Elster MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

What You'll Need

How to Install

Documentation

elster-mcp-server

⚖️ Legal Notice / Rechtlicher Hinweis

Features

Requirements

Install

Configuration

Reverse-Charge supplier list

Use with Claude Desktop

Use with any MCP client

Typical UStVA flow

Typical EÜR flow

Security notes

Limitations

License

Contributing

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent