// SCAN REPORT

Local

108 tools. 38 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

38 can modify or destroy data
70 read-only
108 tools total

38 Local tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE LOCAL →

Free to start. No card required.

TOOL MAP

Read (70) Write / Execute (35) Destructive / Financial (3)

CONTEXT-WINDOW COST

8,009 tokens of tool definitions, loaded on every request
4.0% of a 200k context window
221 heaviest tool: servicenow_update_incident

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Destructive tools (m365_delete_event, onedrive_delete_file, outlook_calendar_delete_event) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (connect_m365_account, connect_servicenow, disconnect_m365_account) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (nordvpn_diagnose, run_diagnostics, run_qa) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations
{
  "m365_delete_event": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "connect_m365_account": {
    "limits": [
      {
        "counter": "connect_m365_account_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "daily_brief": {
    "limits": [
      {
        "counter": "daily_brief_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Get this policy live on your own Local server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

ENFORCE ON MY LOCAL →

ALL 108 LOCAL TOOLS

DESTRUCTIVE 3 tools
Destructive m365_delete_event Destructive onedrive_delete_file Destructive outlook_calendar_delete_event
EXECUTE 3 tools
Execute nordvpn_diagnose Execute run_diagnostics Execute run_qa
WRITE 32 tools
Write connect_m365_account Write connect_servicenow Write disconnect_m365_account Write disconnect_servicenow Write excel_create Write excel_write_cell Write gdrive_set_scope Write m365_create_event Write m365_reply_email Write m365_send_email Write onedrive_move_file Write onedrive_set_scope Write onedrive_write_file Write outlook_calendar_create_event Write outlook_create_folder Write outlook_move_email Write outlook_save_attachment Write outlook_send_email Write ppt_create Write servicenow_add_comment Write servicenow_create_incident Write servicenow_update_incident Write submit_qa_report Write teams_send_channel_message Write teams_send_message Write todo_complete_task Write todo_create_task Write update_local_mcp Write update_self_diagnosis Write whatsapp_send_file Write whatsapp_send_message Write word_create
READ 70 tools
Read daily_brief Read echo Read excel_read Read explorer_list Read explorer_search Read gdrive_file_info Read gdrive_list_files Read gdrive_read_file Read gdrive_root Read gdrive_search_files Read get_config Read get_m365_person Read list_m365_people_insights Read lmcp_state Read lmcp_welcome Read m365_get_contact Read m365_list_contacts Read m365_list_emails Read m365_list_events Read m365_read_email Read m365_search_contacts Read m365_search_emails Read nordvpn_servers Read nordvpn_status Read onedrive_file_info Read onedrive_list_files Read onedrive_read_file Read onedrive_root Read onedrive_search_files Read outlook_calendar_list_events Read outlook_calendar_list_names Read outlook_contacts_list Read outlook_contacts_search Read outlook_diagnose Read outlook_flag_email Read outlook_forward_email Read outlook_get_contact Read outlook_list_accounts Read outlook_list_emails Read outlook_read_email Read outlook_reply_all Read outlook_reply_email Read outlook_search_emails Read pdf_read Read ppt_read Read report_problem Read search_m365_directory Read servicenow_get_incident Read servicenow_list_my_incidents Read servicenow_search_incidents Read servicenow_search_kb Read slack_list_channels Read slack_list_workspaces Read slack_read_channel_messages Read slack_search_messages Read stocks_get_chart Read stocks_get_quote Read stocks_search_symbol Read teams_list_channels Read teams_list_chats Read teams_list_teams Read teams_read_channel_messages Read teams_read_chat_messages Read todo_list_lists Read todo_list_tasks Read whatsapp_list_chats Read whatsapp_read_messages Read whatsapp_search_messages Read word_append Read word_read

FAQ

Can an AI agent delete data through the Local MCP server? +

Yes. The Local server exposes 3 destructive tools including m365_delete_event, onedrive_delete_file, outlook_calendar_delete_event. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Local? +

The Local server has 32 write tools including connect_m365_account, connect_servicenow, disconnect_m365_account. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Local.

How many tools does the Local MCP server expose? +

108 tools across 4 categories: Destructive, Execute, Read, Write. 70 are read-only. 38 can modify, create, or delete data.

How do I enforce a policy on Local? +

Register the Local MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Nodebench 724 tools
adminautomation
UnClick 451 tools
adminautomation
NowAIKit — ServiceNow AI Toolkit 446 tools
adminautomation
0nmcp 407 tools
adminautomation
ServiceNow MCP Server 384 tools
adminautomation
TheProtocol — Sovereign AI Agent Platform 380 tools
adminautomation
Aibtc 327 tools
adminautomation
Fusionauth 314 tools
adminautomation

Enforce policy on every Local tool call.

Deterministic rules across all 108 Local tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE LOCAL →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.