// SCAN REPORT

Claude Code Toolkit

40 tools. 16 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

16 can modify or destroy data
24 read-only
40 tools total

Community server · catalogue entry verified 11/06/2026

How to control Claude Code Toolkit ↓

TOOL MAP

What Claude Code Toolkit exposes to your agents

Read (24) Write / Execute (11) Destructive / Financial (5)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Claude Code Toolkit tools

Destructive · High wipe_traces This tool permanently and irreversibly deletes data (traces) with overwriting for security. Destructive · High cleanup_backups This tool irreversibly deletes data (backup files) to free disk space. Destructive · High clean_claude_directory The tool irreversibly deletes multiple types of data (debug logs, todos, snapshots, orphaned data) from the .claude directory. Destructive · High clean_traces Cleaning/purging trace data is an irreversible deletion operation.

16 of Claude Code Toolkit's 40 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Claude Code Toolkit

PolicyLayer is an MCP gateway — it sits between your AI agents and Claude Code Toolkit, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cleanup_backups": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "fix_image_issues": {
    "limits": [
      {
        "counter": "fix_image_issues_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "mcp_performance": {
    "limits": [
      {
        "counter": "mcp_performance_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Claude Code Toolkit — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON CLAUDE CODE TOOLKIT →

Free to start. No card required.

FULL CATALOGUE

All 40 Claude Code Toolkit tools

DESTRUCTIVE 5 tools
Destructive cleanup_backups Delete old backup files to free up disk space. Destructive wipe_traces Securely wipe ALL Claude Code traces. Overwrites files with zeros before deletion. Requires explicit confirmat Destructive clean_claude_directory Analyze and clean the .claude directory. Removes debug logs, empty todos, old snapshots, and orphaned data to Destructive clean_traces Selectively clean Claude Code traces by category, age, or project. Destructive enforce_retention Apply data retention policy by deleting sessions older than specified days.
EXECUTE 4 tools
Execute run_doctor Full integrity check: detects corrupted JSONL lines, truncated thinking blocks, oversized images/PDFs, session Execute run_maintenance Run maintenance checks on Claude Code installation. Identifies issues, old backups, and archive candidates. Ca Execute start_dashboard Start the web dashboard on a local port. Returns the URL to open in a browser. Execute unstick_session Unstick a Claude Code session that
WRITE 7 tools
Write fix_image_issues Fix oversized images in Claude Code conversations by replacing them with placeholder text. Creates backups bef Write archive_conversations Archive old/inactive conversations to free up space. Moves conversations that haven Write generate_trace_guard Generate hook configurations for ongoing trace prevention. Outputs JSON ready to add to settings. Write restore_backup Restore a conversation file from a backup. Write save_profile Snapshot the current ~/.claude.json as a named profile so it can be restored later via switch_profile. Write scaffold_hook Install a Claude Code hook from the toolkit Write switch_profile Swap the active ~/.claude.json with a saved profile. Auto-creates a backup of the previous active config. The
READ 24 tools
Read mcp_performance Track MCP server performance: call counts, error rates, most used tools. Read audit_session Generate an audit report for a session showing all files read/written, commands executed, MCP tools used, and Read check_alerts Check for issues and notifications: disk space warnings, corrupted sessions, quota violations. Read check_quotas Show usage quotas and limits: storage, sessions, retention age. Read estimate_context_size Estimate the context/token usage of a Claude Code conversation. Shows breakdown by message type, images, docum Read estimate_cost Estimate API costs based on token usage across all conversations. Read find_duplicates Scan for duplicate content across Claude Code conversations. Finds duplicate conversations, images, and docume Read get_conversation_stats Get detailed statistics about Claude Code conversations including message counts, tool usage, image counts, an Read git_integration Link sessions to git branches and commits. Shows which sessions are tied to which repositories. Read health_check Quick health check of Claude Code conversations. Reports total issues, largest files, and recommendations. Read inventory_traces Show complete inventory of all traces Claude Code has stored on disk, categorized by sensitivity level (critic Read list_backups List all backup files created by the image fixer, with size and date information. Read list_hooks List Claude Code hooks across user/project/local scopes, with validation warnings for unknown events, missing Read list_profiles List saved ~/.claude.json profiles and the currently active one. Profiles let you switch between work/personal Read list_sessions List all Claude Code sessions with health status. Shows session ID, project, size, message count, and whether Read recover_session Diagnose, repair, or extract content from a Claude Code session. Use for corrupted or crashed sessions. Read scan_image_issues Scan all Claude Code conversation files for oversized images that cause API errors. Returns detailed report of Read scan_pii Scan conversations for Personal Identifiable Information (PII) like emails, phone numbers, SSNs, credit cards. Read search_conversations Full-text search across all Claude Code conversations. Find where you discussed specific topics. Read security_scan Scan conversation files for leaked secrets (AWS keys, API tokens, passwords, private keys, connection strings, Read usage_analytics Generate a usage analytics dashboard showing conversation statistics, activity trends, top projects, tool usag Read usage_report Generate a real (not estimated) token usage and cost report from Claude Code Read validate_mcp_config Validate MCP server configurations. Checks JSON syntax, command existence, and optionally tests server connect Read export_conversation Export a Claude Code conversation to markdown or JSON format for backup or sharing.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Claude Code Toolkit

Can an AI agent delete data through the Claude Code Toolkit MCP server? +

Yes. The Claude Code Toolkit server exposes 5 destructive tools including cleanup_backups, wipe_traces, clean_claude_directory. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Claude Code Toolkit? +

The Claude Code Toolkit server has 7 write tools including fix_image_issues, archive_conversations, generate_trace_guard. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Claude Code Toolkit.

How many tools does the Claude Code Toolkit MCP server expose? +

40 tools across 4 categories: Destructive, Execute, Read, Write. 24 are read-only. 16 can modify, create, or delete data.

How do I enforce a policy on Claude Code Toolkit? +

Register the Claude Code Toolkit MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Claude Code Toolkit tool call.

Deterministic rules across all 40 Claude Code Toolkit tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON CLAUDE CODE TOOLKIT →

Free to start. No card required.

40 Claude Code Toolkit tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.