// SCAN REPORT

Aptos Blockchain Server

16 tools. 10 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
6 read-only
16 tools total
// TOOL MAP
Read (6) Write / Execute (8) Destructive / Financial (2)
// WHAT CAN GO WRONG

Financial operations (transfer_apt, transfer_coin) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Write operations (create_account, create_managed_coin, fund_account) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (deploy_coin, deploy_fungible_asset, deploy_token_factory) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and Aptos Blockchain Server. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @cuongpo/aptos-mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Block financial tools by default
transfer_apt:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations
create_account:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
get_account_info:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 16 APTOS BLOCKCHAIN SERVER TOOLS
FINANCIAL 2 tools
Financial transfer_apt Financial transfer_coin
EXECUTE 4 tools
Execute deploy_coin Execute deploy_fungible_asset Execute deploy_token_factory Execute quick_deploy_coin
WRITE 4 tools
Write create_account Write create_managed_coin Write fund_account Write register_coin
READ 6 tools
Read get_account_info Read get_account_transactions Read get_apt_balance Read get_coin_balance Read get_transaction_status Read mint_coin
// FAQ
Can an AI agent move money through the Aptos Blockchain Server MCP server? +

Yes. The Aptos Blockchain Server server exposes 2 financial tools including transfer_apt, transfer_coin. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

How do I prevent bulk modifications through Aptos Blockchain Server? +

The Aptos Blockchain Server server has 4 write tools including create_account, create_managed_coin, fund_account. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Aptos Blockchain Server MCP server expose? +

16 tools across 4 categories: Execute, Financial, Read, Write. 6 are read-only. 10 can modify, create, or delete data.

How do I add Intercept to my Aptos Blockchain Server setup? +

One line change. Instead of running the Aptos Blockchain Server server directly, prefix it with Intercept: intercept -c cuongpo-aptos-mcp.yaml -- npx -y @cuongpo/aptos-mcp. Download a pre-built policy from policylayer.com/policies/cuongpo-aptos-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 288 tools
paymentsautomation
Xdevplatform/xmcp 135 tools
paymentsautomation
Hiveagent 122 tools
paymentsautomation
Srv D7aoqmh5pdvs7391dcqg 70 tools
paymentsautomation
Indigo Protocol MCP 62 tools
paymentsautomation
MERX - TRON Resource Exchange 54 tools
paymentsautomation
Sui 53 tools
paymentsautomation
Clareo 45 tools
paymentsautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.