// SCAN REPORT

AWS IoT SiteWise MCP Server

72 tools. 33 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

33 can modify or destroy data
39 read-only
72 tools total
// TOOL MAP
Read (39) Write / Execute (26) Destructive / Financial (7)
// WHAT CAN GO WRONG

Financial operations (cancel_metadata_transfer_job, create_metadata_transfer_job) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (delete_asset, delete_asset_model, delete_computation_model) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (batch_put_asset_property_value, convert_multiple_timestamps, convert_unix_timestamp) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (execute_action, execute_inference_action, execute_query) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES
Block financial tools by default
cancel_metadata_transfer_job:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
delete_asset:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
batch_put_asset_property_value:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
associate_assets:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 72 AWS IOT SITEWISE MCP SERVER TOOLS
FINANCIAL 2 tools
Financial cancel_metadata_transfer_job Financial create_metadata_transfer_job
DESTRUCTIVE 5 tools
Destructive delete_asset Destructive delete_asset_model Destructive delete_computation_model Destructive delete_gateway Destructive delete_time_series
EXECUTE 4 tools
Execute execute_action Execute execute_inference_action Execute execute_query Execute execute_training_action
WRITE 22 tools
Write batch_put_asset_property_value Write convert_multiple_timestamps Write convert_unix_timestamp Write create_anomaly_detection_model Write create_asset Write create_asset_model Write create_asset_model_composite_model Write create_buffered_ingestion_job Write create_bulk_import_iam_role Write create_bulk_import_job Write create_bulk_import_schema Write create_computation_model Write create_gateway Write create_timestamp_range Write put_default_encryption_configuration Write put_logging_options Write put_storage_configuration Write update_asset Write update_asset_model Write update_computation_model Write update_gateway Write update_gateway_capability_configuration
READ 39 tools
Read associate_assets Read associate_time_series_to_asset_property Read batch_get_asset_property_aggregates Read batch_get_asset_property_value Read batch_get_asset_property_value_history Read describe_action Read describe_asset Read describe_asset_model Read describe_bulk_import_job Read describe_computation_model Read describe_computation_model_execution_summary Read describe_default_encryption_configuration Read describe_execution Read describe_gateway Read describe_gateway_capability_configuration Read describe_logging_options Read describe_storage_configuration Read describe_time_series Read disassociate_assets Read disassociate_time_series_from_asset_property Read get_asset_property_aggregates Read get_asset_property_value Read get_asset_property_value_history Read get_current_timestamp Read get_interpolated_asset_property_values Read get_metadata_transfer_job Read list_actions Read list_asset_model_properties Read list_asset_models Read list_assets Read list_associated_assets Read list_bulk_import_jobs Read list_computation_model_data_binding_usages Read list_computation_model_resolve_to_resources Read list_computation_models Read list_executions Read list_gateways Read list_metadata_transfer_jobs Read list_time_series
// FAQ
Can an AI agent move money through the AWS IoT SiteWise MCP Server MCP server? +

Yes. The AWS IoT SiteWise MCP Server server exposes 2 financial tools including cancel_metadata_transfer_job, create_metadata_transfer_job. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

Can an AI agent delete data through the AWS IoT SiteWise MCP Server MCP server? +

Yes. The AWS IoT SiteWise MCP Server server exposes 5 destructive tools including delete_asset, delete_asset_model, delete_computation_model. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through AWS IoT SiteWise MCP Server? +

The AWS IoT SiteWise MCP Server server has 22 write tools including batch_put_asset_property_value, convert_multiple_timestamps, convert_unix_timestamp. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the AWS IoT SiteWise MCP Server MCP server expose? +

72 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 39 are read-only. 33 can modify, create, or delete data.

How do I add Intercept to my AWS IoT SiteWise MCP Server setup? +

One line change. Instead of running the AWS IoT SiteWise MCP Server server directly, prefix it with Intercept: intercept -c aws-iot-sitewise-mcp-server.yaml -- npx -y @awslabs.aws-iot-sitewise-mcp-server. Download a pre-built policy from policylayer.com/policies/aws-iot-sitewise-mcp-server and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 308 tools
paymentsadminautomation
Agent Passport System — Cryptographic Identity for AI Agents 150 tools
paymentsadminautomation
Xdevplatform/xmcp 135 tools
paymentsadminautomation
Hiveagent 122 tools
paymentsadminautomation
MERX - TRON Resource Exchange 66 tools
paymentsadminautomation
Helius 63 tools
paymentsadminautomation
Indigo Protocol MCP 62 tools
paymentsadminautomation
Kosyak Evm 50 tools
paymentsadminautomation

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.