What is a Tool Risk Category?

A classification label (Read, Write, Execute, Destructive, Financial) assigned to an MCP tool based on its potential impact, used to enforce graduated approval and policy controls.

WHY IT MATTERS

Not all tools carry equal risk. Reading a calendar event is fundamentally different from deleting a database table or initiating a payment. Without classification, every tool gets the same trust level — either everything is allowed or everything requires approval.

Risk categories enable graduated enforcement. Read tools can be auto-approved. Write tools get rate limits. Destructive tools require human confirmation. Financial tools need budget checks. Classification is the foundation of proportionate access control.

HOW POLICYLAYER USES THIS

PolicyLayer classifies 18,000+ MCP tools across 3,100+ servers into five risk categories using deterministic pattern matching on tool names, descriptions, and input schemas. This classification powers Intercept's policy engine.

FREQUENTLY ASKED QUESTIONS

What are the five categories?
Read (data retrieval), Write (create or modify data), Execute (run code or commands), Destructive (delete or irreversible actions), Financial (payments, transfers, billing).

How is classification done?
Deterministic pattern matching on tool names, descriptions, and input schemas. No LLM is in the loop, so results are reproducible and auditable.

Can I override a classification?
Yes. Intercept policies let you override the default category for any tool. If your use case treats a 'write' tool as low-risk, you can configure accordingly.
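
A sketch of the deterministic classification, graduated enforcement and per-tool override described above. This is an added example, not PolicyLayer's or Intercept's code: the keyword lists, the action names, the `classify` and `decide` helpers, the control chosen for Execute and the fail-closed default for unmatched tools are all assumptions.

```python
import re

# Hypothetical keyword rules, checked from highest to lowest impact so a tool
# matching several categories is labelled by its worst case.
RULES = [
    ("financial", {"pay", "payment", "refund", "charge", "invoice", "transfer", "amount"}),
    ("destructive", {"delete", "drop", "destroy", "purge", "truncate", "wipe"}),
    ("execute", {"exec", "execute", "run", "shell", "eval", "command"}),
    ("write", {"create", "update", "write", "insert", "send", "upload"}),
    ("read", {"get", "list", "read", "search", "fetch", "query"}),
]
# Read, write, destructive and financial controls follow the text above; the
# execute control and the fail-closed default are assumptions of this example.
ACTIONS = {"read": "auto_approve", "write": "rate_limit", "execute": "human_confirmation",
           "destructive": "human_confirmation", "financial": "budget_check"}

def tokens(text):
    """Split snake_case, kebab-case and camelCase into lowercase words."""
    words = re.findall(r"[a-z0-9]+", re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", text).lower())
    return set(words) | {w[:-1] for w in words if w.endswith("s")}  # crude plural strip

def classify(tool, overrides=None):
    """Return the tool's risk category, or None when no rule matches."""
    if overrides and tool["name"] in overrides:
        return overrides[tool["name"]]  # operator override beats the default
    props = tool.get("inputSchema", {}).get("properties", {})
    seen = tokens(" ".join([tool["name"], tool.get("description", ""), *props]))
    return next((cat for cat, words in RULES if seen & words), None)

def decide(tool, overrides=None):
    """Map a tool to its control; unclassified tools fail closed."""
    return ACTIONS.get(classify(tool, overrides), "human_confirmation")

# Constructed sample tool definitions, not taken from any real MCP server.
SAMPLE_TOOLS = [
    {"name": "get_calendar_event", "description": "Fetch one event by id.",
     "inputSchema": {"properties": {"event_id": {"type": "string"}}}},
    {"name": "dropTable", "description": "Deletes a database table."},
    {"name": "create_order", "description": "Places an order for a customer.",
     "inputSchema": {"properties": {"amount": {"type": "number"}}}},
    {"name": "frobnicate", "description": "Does a thing."},
]

if __name__ == "__main__":
    for t in SAMPLE_TOOLS:
        print(t["name"], classify(t), decide(t))
```

Note that `create_order` is labelled financial because of the `amount` property in its input schema, even though its name alone would match a write rule.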

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept