// SCAN REPORT

Heista

69 tools. 14 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated: 6 Jun 2026

14 can modify or destroy data

55 read-only

69 tools total

Free to start. No card required.

TOOL MAP

Read (55) Write / Execute (12) Destructive / Financial (2)

CONTEXT-WINDOW COST

29,371 tokens of tool definitions, loaded on every request

15% of a 200k context window

1,241 heaviest tool: call_creative_worlds

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Destructive tools (delete_brand_asset, delete_saved_asset) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (add_brand_asset, call_creative_worlds, create_powersource_docs) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (chat_with_creative_worlds, dispatch_head_of_research, retag_brand_asset) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations

{
  "delete_brand_asset": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "add_brand_asset": {
    "limits": [
      {
        "counter": "add_brand_asset_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "adformula_intelligence": {
    "limits": [
      {
        "counter": "adformula_intelligence_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

ALL 69 HEISTA TOOLS

DESTRUCTIVE 2 tools

Destructive delete_brand_asset Destructive delete_saved_asset

EXECUTE 3 tools

Execute chat_with_creative_worlds Execute dispatch_head_of_research Execute retag_brand_asset

WRITE 9 tools

Write add_brand_asset Write call_creative_worlds Write create_powersource_docs Write create_powersource_full Write create_powersource_url Write decoder_intelligence Write favorite_saved_asset Write generate_adscript Write save_asset

READ 55 tools

Read adformula_intelligence Read check_balance Read decode_ad Read dispatch_desk_researcher Read dispatch_desk_researcher_async Read dispatch_market_analyst Read dispatch_market_analyst_async Read dispatch_qualitative_researcher Read dispatch_qualitative_researcher_async Read dispatch_quantitative_researcher Read dispatch_quantitative_researcher_async Read dispatch_social_listening_researcher Read dispatch_social_listening_researcher_async Read dispatch_trend_researcher Read dispatch_trend_researcher_async Read fetch_url Read get_ad_formula_preset Read get_brand Read get_creative_agent_preset Read get_creative_director_playbook_preset Read get_decode Read get_decoded_ad_preset Read get_dispatch_result Read get_hook_intelligence Read get_image_ad_scan_preset Read get_powersource Read get_saved_asset Read get_saved_assets_batch Read get_saved_visual_idea_preset Read get_strategy Read get_visual_preset_preset Read get_visual_style_preset Read list_ad_formula_presets Read list_brand_assets Read list_brand_documents Read list_brands Read list_creative_agent_presets Read list_creative_director_playbook_presets Read list_decoded_ad_presets Read list_image_ad_scan_presets Read list_saved_assets Read list_saved_visual_idea_presets Read list_skills Read list_strategies Read list_strategy_audiences Read list_strategy_tones Read list_visual_preset_presets Read list_visual_style_presets Read load_skill Read load_skill_reference Read perplexity_search Read read_brand_document Read search Read search_community Read search_research

FAQ

Can an AI agent delete data through the Heista MCP server? +

Yes. The Heista server exposes 2 destructive tools including delete_brand_asset, delete_saved_asset. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Heista? +

The Heista server has 9 write tools including add_brand_asset, call_creative_worlds, create_powersource_docs. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Heista.

How many tools does the Heista MCP server expose? +

69 tools across 4 categories: Destructive, Execute, Read, Write. 55 are read-only. 14 can modify, create, or delete data.

How do I enforce a policy on Heista? +

Register the Heista MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Enforce policy on every Heista tool call.

Deterministic rules across all 69 Heista tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE HEISTA →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

Heista

// TOOL MAP

// CONTEXT-WINDOW COST

// WHAT CAN GO WRONG

// RECOMMENDED RULES

// ALL 69 HEISTA TOOLS

// FAQ