// SCAN REPORT

Gastos Flow

55 tools. 37 can modify or destroy data without limits.

10 destructive tools with no built-in limits. Policy required.

Last updated:

37 can modify or destroy data
18 read-only
55 tools total
// TOOL MAP
Read (18) Write / Execute (27) Destructive / Financial (10)
// WHAT CAN GO WRONG

Destructive tools (gastos_flow_delete_categoria, gastos_flow_delete_cuenta, gastos_flow_delete_deuda_cobrar) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (gastos_flow_activar_gasto_recurrente, gastos_flow_create_categoria, gastos_flow_create_cuenta) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

// RECOMMENDED RULES
Deny destructive operations
gastos_flow_delete_categoria:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
gastos_flow_activar_gasto_recurrente:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
gastos_flow_get_categoria:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 55 GASTOS FLOW TOOLS
DESTRUCTIVE 10 tools
Destructive gastos_flow_delete_categoria Destructive gastos_flow_delete_cuenta Destructive gastos_flow_delete_deuda_cobrar Destructive gastos_flow_delete_deuda_propia Destructive gastos_flow_delete_gasto Destructive gastos_flow_delete_gasto_recurrente Destructive gastos_flow_delete_ingreso Destructive gastos_flow_delete_moneda Destructive gastos_flow_delete_origen Destructive gastos_flow_delete_persona
WRITE 27 tools
Write gastos_flow_activar_gasto_recurrente Write gastos_flow_create_categoria Write gastos_flow_create_cuenta Write gastos_flow_create_deuda_cobrar Write gastos_flow_create_deuda_propia Write gastos_flow_create_gasto Write gastos_flow_create_gasto_recurrente Write gastos_flow_create_gasto_tercero Write gastos_flow_create_ingreso Write gastos_flow_create_moneda Write gastos_flow_create_origen Write gastos_flow_create_persona Write gastos_flow_desactivar_gasto_recurrente Write gastos_flow_login Write gastos_flow_logout Write gastos_flow_marcar_deuda_cobrada Write gastos_flow_marcar_deuda_propia_pagada Write gastos_flow_update_categoria Write gastos_flow_update_cuenta Write gastos_flow_update_deuda_cobrar Write gastos_flow_update_deuda_propia Write gastos_flow_update_gasto Write gastos_flow_update_gasto_recurrente Write gastos_flow_update_ingreso Write gastos_flow_update_moneda Write gastos_flow_update_origen Write gastos_flow_update_persona
READ 18 tools
Read gastos_flow_get_categoria Read gastos_flow_get_cuenta Read gastos_flow_get_deuda_cobrar Read gastos_flow_get_deuda_propia Read gastos_flow_get_gasto Read gastos_flow_get_gasto_recurrente Read gastos_flow_get_ingreso Read gastos_flow_get_perfil Read gastos_flow_list_categorias Read gastos_flow_list_cuentas Read gastos_flow_list_deudas_cobrar Read gastos_flow_list_deudas_propias Read gastos_flow_list_gastos Read gastos_flow_list_gastos_recurrentes Read gastos_flow_list_ingresos Read gastos_flow_list_monedas Read gastos_flow_list_origenes Read gastos_flow_list_personas
// FAQ
Can an AI agent delete data through the Gastos Flow MCP server? +

Yes. The Gastos Flow server exposes 10 destructive tools including gastos_flow_delete_categoria, gastos_flow_delete_cuenta, gastos_flow_delete_deuda_cobrar. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Gastos Flow? +

The Gastos Flow server has 27 write tools including gastos_flow_activar_gasto_recurrente, gastos_flow_create_categoria, gastos_flow_create_cuenta. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Gastos Flow MCP server expose? +

55 tools across 3 categories: Destructive, Read, Write. 18 are read-only. 37 can modify, create, or delete data.

How do I add Intercept to my Gastos Flow setup? +

One line change. Instead of running the Gastos Flow server directly, prefix it with Intercept: intercept -c gastos-flow.yaml -- npx -y @gastos-flow-mcp-server. Download a pre-built policy from policylayer.com/policies/gastos-flow and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

AdButler 622 tools
admin
Mcp Api 314 tools
admin
Aibtc 308 tools
admin
SmartBear MCP 243 tools
admin
Google Super 200 tools
admin
Trello 200 tools
admin
Arcane 180 tools
admin
Propresenter 177 tools
admin

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.