// SCAN REPORT

Atv

19 tools. 7 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

7 can modify or destroy data
12 read-only
19 tools total
// TOOL MAP
Read (12) Write / Execute (2) Destructive / Financial (5)
// WHAT CAN GO WRONG

Financial operations (build_deposit_tx, build_queue_withdraw_tx, build_redeem_withdraw_tx) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Execute tools (build_stake_tx, build_unstake_tx) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and Atv. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @aarna-ai/atv
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Block financial tools by default
build_deposit_tx:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Cap read operations
get_deposit_status:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 19 ATV TOOLS
FINANCIAL 5 tools
Financial build_deposit_tx Financial build_queue_withdraw_tx Financial build_redeem_withdraw_tx Financial build_unqueue_withdraw_tx Financial build_withdraw_tx
EXECUTE 2 tools
Execute build_stake_tx Execute build_unstake_tx
READ 12 tools
Read get_deposit_status Read get_historical_nav Read get_queue_withdraw_status Read get_total_tvl Read get_user_investments Read get_vault Read get_vault_apy Read get_vault_balance Read get_vault_nav Read get_vault_tvl Read get_withdraw_status Read list_vaults
// FAQ
Can an AI agent move money through the Atv MCP server? +

Yes. The Atv server exposes 5 financial tools including build_deposit_tx, build_queue_withdraw_tx, build_redeem_withdraw_tx. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

How many tools does the Atv MCP server expose? +

19 tools across 3 categories: Execute, Financial, Read. 12 are read-only. 7 can modify, create, or delete data.

How do I add Intercept to my Atv setup? +

One line change. Instead of running the Atv server directly, prefix it with Intercept: intercept -c aarna-ai-atv.yaml -- npx -y @aarna-ai/atv. Download a pre-built policy from policylayer.com/policies/aarna-ai-atv and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 288 tools
paymentsautomation
Xdevplatform/xmcp 135 tools
paymentsautomation
Hiveagent 122 tools
paymentsautomation
Srv D7aoqmh5pdvs7391dcqg 70 tools
paymentsautomation
Indigo Protocol MCP 62 tools
paymentsautomation
MERX - TRON Resource Exchange 54 tools
paymentsautomation
Sui 53 tools
paymentsautomation
Clareo 45 tools
paymentsautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.