// SCAN REPORT

Docker

56 tools. 27 can modify or destroy data without limits.

10 destructive tools with no built-in limits. Policy required.

Last updated:

27 can modify or destroy data
29 read-only
56 tools total
// TOOL MAP
Read (29) Write / Execute (17) Destructive / Financial (10)
// WHAT CAN GO WRONG

Destructive tools (docker_compose_down, docker_prune_containers, docker_prune_images) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (docker_connect_container, docker_create_container, docker_create_network) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (docker_compose_build, docker_compose_restart, docker_compose_start) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and Docker. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @alisaitteke/docker-mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
docker_compose_down:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
docker_connect_container:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
docker_compose_config:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 56 DOCKER TOOLS
DESTRUCTIVE 10 tools
Destructive docker_compose_down Destructive docker_prune_containers Destructive docker_prune_images Destructive docker_prune_networks Destructive docker_prune_system Destructive docker_prune_volumes Destructive docker_remove_container Destructive docker_remove_image Destructive docker_remove_network Destructive docker_remove_volume
EXECUTE 9 tools
Execute docker_compose_build Execute docker_compose_restart Execute docker_compose_start Execute docker_compose_stop Execute docker_compose_up Execute docker_exec Execute docker_restart_container Execute docker_start_container Execute docker_stop_container
WRITE 8 tools
Write docker_connect_container Write docker_create_container Write docker_create_network Write docker_create_volume Write docker_disconnect_container Write docker_push_image Write dockerhub_push Write ghcr_push
READ 29 tools
Read docker_compose_config Read docker_compose_logs Read docker_compose_ps Read docker_container_health_check Read docker_container_logs Read docker_container_stats Read docker_image_history Read docker_inspect_container Read docker_inspect_exec Read docker_inspect_image Read docker_inspect_network Read docker_inspect_volume Read docker_kill_container Read docker_list_containers Read docker_list_images Read docker_list_networks Read docker_list_volumes Read docker_pause_container Read docker_pull_image Read docker_system_info Read docker_tag_image Read docker_unpause_container Read docker_version Read dockerhub_authenticate Read dockerhub_get_tags Read dockerhub_pull Read dockerhub_search Read ghcr_authenticate Read ghcr_pull
// FAQ
Can an AI agent delete data through the Docker MCP server? +

Yes. The Docker server exposes 10 destructive tools including docker_compose_down, docker_prune_containers, docker_prune_images. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Docker? +

The Docker server has 8 write tools including docker_connect_container, docker_create_container, docker_create_network. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Docker MCP server expose? +

56 tools across 4 categories: Destructive, Execute, Read, Write. 29 are read-only. 27 can modify, create, or delete data.

How do I add Intercept to my Docker setup? +

One line change. Instead of running the Docker server directly, prefix it with Intercept: intercept -c io-github-alisaitteke-docker-mcp.yaml -- npx -y @@alisaitteke/docker-mcp. Download a pre-built policy from policylayer.com/policies/io-github-alisaitteke-docker-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
adminautomation
Aibtc 288 tools
adminautomation
Google Super 200 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Apiosk 160 tools
adminautomation
Mcp Sitecore 153 tools
adminautomation
SmartBear MCP 147 tools
adminautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.