// SCAN REPORT

Agent Passport System — Cryptographic Identity for AI Agents

125 tools. 83 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

83 can modify or destroy data
42 read-only
125 tools total
// TOOL MAP
Read (42) Write / Execute (80) Destructive / Financial (3)
// WHAT CAN GO WRONG

Destructive tools (remove_intent_card, revoke_delegation, revoke_endorsement) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (accept_assignment, activate_emergency, add_approval_signature) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (commerce_preflight, execute_with_context, gateway_execute_approval) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and Agent Passport System — Cryptographic Identity for AI Agents. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @agent-passport-system-mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
remove_intent_card:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
accept_assignment:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
check_aggregate_constraints:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 125 AGENT PASSPORT SYSTEM — CRYPTOGRAPHIC IDENTITY FOR AI AGENTS TOOLS
DESTRUCTIVE 3 tools
Destructive remove_intent_card Destructive revoke_delegation Destructive revoke_endorsement
EXECUTE 5 tools
Execute commerce_preflight Execute execute_with_context Execute gateway_execute_approval Execute governance_360 Execute parse_governance_block_html
WRITE 75 tools
Write accept_assignment Write activate_emergency Write add_approval_signature Write add_principal_report Write apply_reputation_downgrade Write assign_agent Write attest_to_floor Write broadcast Write compare_timestamps Write complete_action Write complete_task Write compute_governance_taint Write create_access_receipt Write create_access_snapshot Write create_agent_context Write create_approval_request Write create_artifact_provenance Write create_attestation Write create_chained_governance_block Write create_charter Write create_data_enforcement_gate Write create_decision_lineage_receipt Write create_delegation Write create_derivation_receipt Write create_disclosure Write create_gateway Write create_hybrid_timestamp Write create_intent Write create_outcome_record Write create_policy_context Write create_principal Write create_reserve_attestation Write create_task_brief Write create_v2_delegation Write declare_reidentification_risk Write define_emergency_pathway Write endorse_agent Write evaluate_intent Write evaluate_revocation_impact Write evaluate_threshold Write gateway_approve Write gateway_process_tool_call Write generate_aps_txt Write generate_compliance_report Write generate_governance_block Write generate_keys Write generate_settlement Write handoff_evidence Write identify Write issue_passport Write post_agora_message Write publish_intent_card Write record_training_use Write register_agora_agent Write register_agora_public Write register_data_source Write register_gateway_agent Write request_human_approval Write request_intro Write request_migration Write resolve_authority Write resolve_lineage Write resolve_path_terms Write resolve_rights_propagation Write respond_to_intro Write review_evidence Write review_promotion Write send_message Write sign_charter Write sub_delegate Write submit_deliverable Write submit_evidence Write supersede_v2_delegation Write update_reputation Write vouch_reputation
READ 42 tools
Read check_aggregate_constraints Read check_anomaly Read check_combination_permitted Read check_data_access Read check_jurisdiction_transfer Read check_messages Read check_purpose_permitted Read check_retention_expired Read check_tier Read check_usage_permitted Read detect_purpose_drift Read file_data_dispute Read gateway_stats Read get_agent_data_footprint Read get_agora_by_topic Read get_agora_thread Read get_agora_topics Read get_behavioral_sequence Read get_commerce_spend Read get_digest Read get_evidence Read get_fleet_status Read get_model_data_sources Read get_my_role Read get_passport_grade Read get_promotion_history Read get_source_metrics Read get_task_detail Read list_agents Read list_issuance_records Read list_profiles Read list_tasks Read load_values_floor Read query_contributions Read search_matches Read validate_temporal_rights Read verify_aps_txt Read verify_charter Read verify_delegation Read verify_endorsement Read verify_governance_block Read verify_issuer
// FAQ
Can an AI agent delete data through the Agent Passport System — Cryptographic Identity for AI Agents MCP server? +

Yes. The Agent Passport System — Cryptographic Identity for AI Agents server exposes 3 destructive tools including remove_intent_card, revoke_delegation, revoke_endorsement. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Agent Passport System — Cryptographic Identity for AI Agents? +

The Agent Passport System — Cryptographic Identity for AI Agents server has 75 write tools including accept_assignment, activate_emergency, add_approval_signature. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Agent Passport System — Cryptographic Identity for AI Agents MCP server expose? +

125 tools across 4 categories: Destructive, Execute, Read, Write. 42 are read-only. 83 can modify, create, or delete data.

How do I add Intercept to my Agent Passport System — Cryptographic Identity for AI Agents setup? +

One line change. Instead of running the Agent Passport System — Cryptographic Identity for AI Agents server directly, prefix it with Intercept: intercept -c agent-passport-system-cryptographic-identity-for-ai-agents.yaml -- npx -y @agent-passport-system-mcp. Download a pre-built policy from policylayer.com/policies/agent-passport-system-cryptographic-identity-for-ai-agents and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
adminautomation
Aibtc 288 tools
adminautomation
Google Super 200 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Mcp Sitecore 153 tools
adminautomation
SmartBear MCP 147 tools
adminautomation
Slack 143 tools
adminautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.