// SCAN REPORT

Lichess Integration

88 tools. 26 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated: 20 Apr 2026

26 can modify or destroy data

62 read-only

88 tools total

// TOOL MAP

Read (62) Write / Execute (20) Destructive / Financial (6)

// WHAT CAN GO WRONG

Financial operations (withdraw_from_arena, withdraw_from_simul, withdraw_from_swiss) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (cancel_challenge, revoke_token, upgrade_to_bot) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (add_user_note, create_arena, create_challenge) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

One command. Full control.

Intercept sits between your agent and Lichess Integration. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @GigaChatTester/lichess-mcp

Scans every tool. Generates a policy. Starts enforcing.

Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client

// RECOMMENDED RULES

Block financial tools by default

withdraw_from_arena:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations

cancel_challenge:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

add_user_note:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

abort_board_game:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 88 LICHESS INTEGRATION TOOLS

FINANCIAL 3 tools

Financial withdraw_from_arena Financial withdraw_from_simul Financial withdraw_from_swiss

DESTRUCTIVE 3 tools

Destructive cancel_challenge Destructive revoke_token Destructive upgrade_to_bot

READ 62 tools

Read abort_board_game Read accept_challenge Read accept_join_request Read block_user Read claim_victory Read decline_challenge Read decline_join_request Read follow_user Read get_all_top_10 Read get_arena_games Read get_arena_info Read get_arena_results Read get_arena_tournaments Read get_broadcast Read get_broadcast_round Read get_cloud_eval Read get_current_simuls Read get_fide_player Read get_following Read get_kid_mode Read get_leaderboard Read get_my_email Read get_my_profile Read get_official_broadcasts Read get_ongoing_games Read get_preferences Read get_puzzle_activity Read get_puzzle_dashboard Read get_puzzle_race Read get_puzzle_storm_dashboard Read get_rating_history Read get_swiss_games Read get_swiss_info Read get_swiss_results Read get_team_battle_results Read get_team_info Read get_team_join_requests Read get_team_members Read get_thread Read get_timeline Read get_tv_channels Read get_tv_game Read get_user_activity Read get_user_performance Read get_user_profile Read get_user_public_data Read get_user_studies Read get_users_by_id Read get_users_status Read join_arena Read join_simul Read join_swiss Read join_team Read kick_user_from_team Read leave_team Read list_challenges Read resign_board_game Read search_fide_players Read search_teams Read test_tokens Read unblock_user Read unfollow_user

// FAQ

Can an AI agent move money through the Lichess Integration MCP server? +

Yes. The Lichess Integration server exposes 3 financial tools including withdraw_from_arena, withdraw_from_simul, withdraw_from_swiss. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

Can an AI agent delete data through the Lichess Integration MCP server? +

Yes. The Lichess Integration server exposes 3 destructive tools including cancel_challenge, revoke_token, upgrade_to_bot. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Lichess Integration? +

The Lichess Integration server has 20 write tools including add_user_note, create_arena, create_challenge. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Lichess Integration MCP server expose? +

88 tools across 4 categories: Destructive, Financial, Read, Write. 62 are read-only. 26 can modify, create, or delete data.

How do I add Intercept to my Lichess Integration setup? +

One line change. Instead of running the Lichess Integration server directly, prefix it with Intercept: intercept -c gigachattester-lichess-mcp.yaml -- npx -y @GigaChatTester/lichess-mcp. Download a pre-built policy from policylayer.com/policies/gigachattester-lichess-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init

Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.

Lichess Integration

One command. Full control.

Other MCP servers with similar tools.

Control every MCP tool call your agent makes.

Control every MCP tool call
your agent makes.