// SCAN REPORT

WooCommerce Store Manager

47 tools. 18 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
29 read-only
47 tools total
// TOOL MAP
Read (29) Write / Execute (13) Destructive / Financial (5)
// WHAT CAN GO WRONG

Financial operations (wc_refund_create) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (wc_coupon_delete, wc_order_delete, wc_product_delete) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (wc_category_create, wc_coupon_create, wc_customer_create) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

One command. Full control.

Intercept sits between your agent and WooCommerce Store Manager. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @hegetiby-jwao/woocommerce-mcp-hegetiby
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Block financial tools by default
wc_refund_create:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
wc_coupon_delete:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
wc_category_create:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
wc_analytics_products:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 47 WOOCOMMERCE STORE MANAGER TOOLS
FINANCIAL 1 tools
Financial wc_refund_create
DESTRUCTIVE 4 tools
Destructive wc_coupon_delete Destructive wc_order_delete Destructive wc_product_delete Destructive wc_products_batch
WRITE 13 tools
Write wc_category_create Write wc_coupon_create Write wc_customer_create Write wc_order_create Write wc_order_note_create Write wc_order_update Write wc_product_create Write wc_product_update Write wc_setting_update Write wc_variation_create Write wc_variation_update Write wc_webhook_create Write wp_media_upload
READ 29 tools
Read wc_analytics_products Read wc_analytics_revenue Read wc_categories_list Read wc_coupons_list Read wc_customer_get Read wc_customers_list Read wc_order_get Read wc_order_notes_list Read wc_orders_list Read wc_product_get Read wc_products_list Read wc_reports_customers_totals Read wc_reports_orders_totals Read wc_reports_products_totals Read wc_reports_sales Read wc_reports_top_sellers Read wc_settings_get_group Read wc_settings_list_groups Read wc_shipping_zone_methods Read wc_shipping_zones_list Read wc_system_status Read wc_system_status_tool_run Read wc_system_status_tools Read wc_tags_list Read wc_tax_classes_list Read wc_tax_rates_list Read wc_variations_list Read wc_webhooks_list Read wp_posts_list
// FAQ
Can an AI agent move money through the WooCommerce Store Manager MCP server? +

Yes. The WooCommerce Store Manager server exposes 1 financial tools including wc_refund_create. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

Can an AI agent delete data through the WooCommerce Store Manager MCP server? +

Yes. The WooCommerce Store Manager server exposes 4 destructive tools including wc_coupon_delete, wc_order_delete, wc_product_delete. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through WooCommerce Store Manager? +

The WooCommerce Store Manager server has 13 write tools including wc_category_create, wc_coupon_create, wc_customer_create. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the WooCommerce Store Manager MCP server expose? +

47 tools across 4 categories: Destructive, Financial, Read, Write. 29 are read-only. 18 can modify, create, or delete data.

How do I add Intercept to my WooCommerce Store Manager setup? +

One line change. Instead of running the WooCommerce Store Manager server directly, prefix it with Intercept: intercept -c hegetiby-jwao-woocommerce-mcp-hegetiby.yaml -- npx -y @hegetiby-jwao/woocommerce-mcp-hegetiby. Download a pre-built policy from policylayer.com/policies/hegetiby-jwao-woocommerce-mcp-hegetiby and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 288 tools
paymentsadmin
Xdevplatform/xmcp 135 tools
paymentsadmin
Hiveagent 122 tools
paymentsadmin
Lichess Integration 88 tools
paymentsadmin
Linear 66 tools
paymentsadmin
Indigo Protocol MCP 62 tools
paymentsadmin
Indigo 59 tools
paymentsadmin
Midnight Nextjs 35 tools
paymentsadmin
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.