// SCAN REPORT

Binalyze AIR MCP Server

116 tools. 71 can modify or destroy data without limits.

17 destructive tools with no built-in limits. Policy required.

Last updated:

71 can modify or destroy data
45 read-only
116 tools total
// TOOL MAP
Read (45) Write / Execute (54) Destructive / Financial (17)
// WHAT CAN GO WRONG

Destructive tools (cancel_task_assignment, cancel_task_by_id, delete_auto_asset_tag_by_id) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (acquire_baseline, add_note_to_case, add_tags_to_assets) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (start_tagging) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES
Deny destructive operations
cancel_task_assignment:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
acquire_baseline:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
check_case_name:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 116 BINALYZE AIR MCP SERVER TOOLS
DESTRUCTIVE 17 tools
Destructive cancel_task_assignment Destructive cancel_task_by_id Destructive delete_auto_asset_tag_by_id Destructive delete_note_from_case Destructive delete_organization Destructive delete_policy_by_id Destructive delete_repository Destructive delete_tags_from_organization Destructive delete_task_assignment Destructive delete_task_by_id Destructive delete_triage_rule Destructive purge_and_uninstall_assets Destructive remove_endpoints_from_case Destructive remove_tags_from_assets Destructive remove_task_assignment_from_case Destructive remove_user_from_organization Destructive uninstall_assets
EXECUTE 1 tools
Execute start_tagging
WRITE 53 tools
Write acquire_baseline Write add_note_to_case Write add_tags_to_assets Write add_tags_to_organization Write archive_case_by_id Write assign_acquisition_task Write assign_image_acquisition_task Write assign_isolation_task Write assign_log_retrieval_task Write assign_reboot_task Write assign_shutdown_task Write assign_triage_task Write assign_users_to_organization Write assign_version_update_task Write call_webhook Write change_case_owner Write close_case_by_id Write compare_baseline Write create_acquisition_profile Write create_amazon_s3_repository Write create_auto_asset_tag Write create_azure_storage_repository Write create_case Write create_ftps_repository Write create_organization Write create_policy Write create_sftp_repository Write create_smb_repository Write create_triage_rule Write create_triage_tag Write export_audit_logs Write export_case_activities Write export_case_endpoints Write export_case_notes Write export_cases Write import_task_assignments_to_case Write open_case_by_id Write post_webhook Write update_amazon_s3_repository Write update_auto_asset_tag Write update_azure_storage_repository Write update_banner_message Write update_case Write update_ftps_repository Write update_note_in_case Write update_organization_by_id Write update_organization_deployment_token Write update_organization_shareable_deployment Write update_policy Write update_policy_priorities Write update_sftp_repository Write update_smb_repository Write update_triage_rule
READ 45 tools
Read check_case_name Read check_organization_name_exists Read download_case_ppc Read download_task_report Read get_acquisition_profile_by_id Read get_asset_by_id Read get_asset_tasks_by_id Read get_auto_asset_tag_by_id Read get_case_activities Read get_case_by_id Read get_case_endpoints Read get_case_tasks_by_id Read get_case_users Read get_comparison_report Read get_organization_by_id Read get_organization_users Read get_policy_by_id Read get_policy_match_stats Read get_report_file_info Read get_repository_by_id Read get_shareable_deployment_info Read get_task_assignments Read get_task_assignments_by_id Read get_task_by_id Read get_triage_rule_by_id Read get_user_by_id Read list_acquisition_artifacts Read list_acquisition_profiles Read list_assets Read list_audit_logs Read list_auto_asset_tags Read list_cases Read list_drone_analyzers Read list_e_discovery_patterns Read list_organizations Read list_policies Read list_repositories Read list_tasks Read list_triage_rules Read list_triage_tags Read list_users Read validate_amazon_s3_repository Read validate_azure_storage_repository Read validate_ftps_repository Read validate_triage_rule
// FAQ
Can an AI agent delete data through the Binalyze AIR MCP Server MCP server? +

Yes. The Binalyze AIR MCP Server server exposes 17 destructive tools including cancel_task_assignment, cancel_task_by_id, delete_auto_asset_tag_by_id. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Binalyze AIR MCP Server? +

The Binalyze AIR MCP Server server has 53 write tools including acquire_baseline, add_note_to_case, add_tags_to_assets. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Binalyze AIR MCP Server MCP server expose? +

116 tools across 4 categories: Destructive, Execute, Read, Write. 45 are read-only. 71 can modify, create, or delete data.

How do I add Intercept to my Binalyze AIR MCP Server setup? +

One line change. Instead of running the Binalyze AIR MCP Server server directly, prefix it with Intercept: intercept -c binalyze-air-mcp.yaml -- npx -y @binalyze/air-mcp. Download a pre-built policy from policylayer.com/policies/binalyze-air-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 314 tools
adminautomation
Aibtc 308 tools
adminautomation
SmartBear MCP 243 tools
adminautomation
Google Super 200 tools
adminautomation
Arcane 180 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Opencut Controller 161 tools
adminautomation

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

Currently onboarding teams running MCP in production.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.

// REQUEST EARLY ACCESS

We're letting people in as fast as we can.

You're in the queue.

We'll be in touch as soon as we can let you in.