// SCAN REPORT

Make

202 tools. 140 can modify or destroy data without limits.

13 destructive tools with no built-in limits. Policy required.

Last updated:

140 can modify or destroy data
62 read-only
202 tools total

Community server · catalogue entry verified 12/06/2026

How to control Make ↓

TOOL MAP

What Make exposes to your agents

Read (62) Write / Execute (127) Destructive / Financial (13)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Make tools

Destructive · High clean Although 'dotnet clean' is not destructive to source code, it permanently removes build artifacts. Destructive · High remove The name 'remove' strongly implies deletion or removal of data/resources, which is typically irreversible. Destructive · High reset This tool performs irreversible modifications to version control history and working state. Destructive · High secret-delete This tool permanently removes GitHub Actions secrets, which are sensitive credentials used in CI/CD pipelines.

140 of Make's 202 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Make

PolicyLayer is an MCP gateway — it sits between your AI agents and Make, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "clean": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "remote": {
    "limits": [
      {
        "counter": "remote_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "run-list": {
    "limits": [
      {
        "counter": "run-list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Make — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MAKE →

Free to start. No card required.

FULL CATALOGUE

All 202 Make tools

DESTRUCTIVE 13 tools
Destructive clean Runs dotnet clean to remove build outputs and returns structured results. Destructive remove Runs Destructive reset Resets the current HEAD to a specified state. Supports soft, mixed, hard, merge, and keep modes. The Destructive secret-delete Deletes a repository, organization, or environment GitHub Actions secret. Destructive tag Manages git tags. Supports list (default), create, and delete actions. List returns structured tag data with n Destructive vagrant Manages Vagrant VMs: status, global-status, up, halt, destroy. Destructive variable-delete Deletes a repository, organization, or environment GitHub Actions variable. Destructive workspace Manages Terraform workspaces: list, select, create, or delete workspaces. Destructive package-clean Cleans Swift package build artifacts and returns structured result. Destructive branch Lists, creates, renames, or deletes branches. Returns structured branch data. Pass Destructive compose-down Stops Docker Compose services and returns structured status. Destructive stash Pushes, pops, applies, drops, shows, or clears stash entries. Returns structured result with action, success, Destructive worktree Lists, adds, removes, locks, unlocks, or prunes git worktrees for managing multiple working trees. Returns str
EXECUTE 100 tools
Execute conda Runs conda commands (list, info, env-list, create, remove, update) and returns structured JSON output. Execute mod-tidy Runs go mod tidy to add missing and remove unused module dependencies. Execute bazel Bazel build system operations: build, test, query, info, run, clean, fetch. Execute build Runs a build command and returns structured success/failure with errors and warnings. Execute cmake CMake build system operations: configure, build, test, list-presets, install, clean. Execute compose-build Builds Docker Compose service images and returns structured per-service build status. Execute exec Executes arbitrary commands inside a running Docker container and returns structured output. WARNING: may exec Execute gradle-build Runs Execute lerna Runs Lerna monorepo commands (list, run, changed, version) and returns structured package information. Execute maven-build Runs Execute rsync Syncs files between local and remote locations using rsync. WARNING: Defaults to dry-run mode for safety — set Execute run Runs a script or file with Execute run-rerun Re-runs a workflow run by ID. Optionally re-runs only failed jobs or a specific job. Returns structured result Execute ssh-run Executes a command on a remote host via SSH. WARNING: This runs commands on a remote machine. Ensure the host Execute uv-run Runs a command in a uv-managed environment and returns structured output. Execute vite-build Runs Vite production build and returns structured output files with sizes. Execute webpack Runs webpack build with JSON stats output and returns structured assets, errors, and warnings. Execute ansible-galaxy Installs or lists Ansible collections and roles from Galaxy or a requirements file. Execute ansible-playbook Runs an Ansible playbook and returns structured play recap with per-host results. Execute api Makes arbitrary GitHub API calls via Execute audit Runs cargo audit and returns structured vulnerability data. Execute biome-check Runs Biome check (lint + format) and returns structured diagnostics (file, line, rule, severity, message). Execute bisect Binary search for the commit that introduced a bug. Returns structured data with action taken, current commit, Execute black Runs Black code formatter and returns structured results (files changed, unchanged, would reformat). Execute bundle-exec Executes a command in the context of the Gemfile bundle using Execute check Runs cargo check (type check without full build) and returns structured diagnostics. Faster than build for err Execute cherry-pick Applies specific commits to the current branch. Returns structured data with applied commits, any conflicts, a Execute clippy Runs cargo clippy and returns structured lint diagnostics. Execute compose-up Starts Docker Compose services and returns structured status. Execute coverage Runs tests with coverage and returns structured coverage summary per file. Execute develop Enters or queries a Nix dev shell. When a command is provided, runs it inside the dev shell and returns the re Execute doc Generates Rust documentation and returns structured output with warning count. Execute esbuild Runs the esbuild bundler and returns structured errors, warnings, and output files. Execute flake-check Checks a Nix flake for errors and returns structured check results, warnings, and errors. Execute fmt Checks or fixes Rust formatting and returns structured output. Execute get Downloads and installs Go packages and their dependencies. Execute gitleaks Runs Gitleaks to detect hardcoded secrets in git repositories. Returns structured finding data with redacted s Execute golangci-lint Runs golangci-lint and returns structured lint diagnostics (file, line, linter, severity, message). Execute gradle-test Runs Execute hadolint Runs Hadolint (Dockerfile linter) and returns structured diagnostics (file, line, rule, severity, message). Execute info Runs Execute init Initializes a Terraform working directory. Downloads providers, configures backend, and prepares for plan/appl Execute jq Processes and transforms JSON using jq expressions. Accepts JSON from a file path or inline string. Returns th Execute lint Runs Execute maven-test Runs Execute maven-verify Runs Execute mongosh-eval Evaluates a MongoDB expression via mongosh and returns the output. Execute mypy Runs mypy and returns structured type-check diagnostics (file, line, severity, message, code). Execute mysql-query Executes a MySQL query and returns structured tabular output. Execute nvm Manages Node.js versions via nvm. Execute nx Runs Nx workspace commands and returns structured per-project task results with cache status. Execute outdated Runs Execute oxlint Runs Oxlint and returns structured diagnostics (file, line, column, rule, severity, message). Execute pip-audit Runs pip-audit and returns a structured vulnerability report. Execute playwright Runs Playwright tests with JSON reporter and returns structured results with pass/fail status, duration, and e Execute pm-ls Runs Execute poetry Runs Poetry commands and returns structured output. Execute psql-query Executes a PostgreSQL query via psql and returns structured tabular output. Execute pull Pulls a Docker image from a registry and returns structured result with digest info. Execute pyenv Manages Python versions via pyenv. Execute pytest Runs pytest and returns structured test results (passed, failed, errors, skipped, failures). Execute rebase Rebases the current branch onto a target branch. Supports abort, continue, skip, and quit for conflict resolut Execute redis-command Executes a Redis command via redis-cli and returns the response. Execute redis-ping Tests Redis connectivity by sending a PING command. Execute reload Rebuilds the MCP server (or a specified project) and sends a Execute repo-clone Clones a GitHub repository. Returns structured data with success status, repo name, target directory, and mess Execute request Makes an HTTP request via curl and returns structured response data (status, headers, body, timing). Execute rollup Runs Rollup bundler and returns structured bundle output with errors and warnings. Execute ruff-check Runs ruff check and returns structured lint diagnostics (file, line, code, message). Execute ruff-format Runs ruff format and returns structured results (files changed, file list). Execute semgrep Runs Semgrep static analysis with structured rules and findings. Returns structured finding data with severity Execute shell Makes packages available in the environment and optionally runs a command. Returns stdout, stderr, exit code, Execute shellcheck Runs ShellCheck (shell script linter) and returns structured diagnostics (file, line, column, rule, severity, Execute ssh-test Tests SSH connectivity to a remote host using Execute stylelint Runs Stylelint and returns structured diagnostics (file, line, column, rule, severity, message). Execute task Runs a named task from deno.json via Execute test Runs Execute trivy Runs Trivy vulnerability/misconfiguration scanner on container images, filesystems, or IaC configs. Returns st Execute tsc Runs the TypeScript compiler and returns structured diagnostics (file, line, column, code, message). Execute turbo Runs Turborepo tasks and returns structured per-package results with cache hit/miss info. Execute vet Runs go vet and returns structured static analysis diagnostics with analyzer names. Uses -json flag for native Execute yq Processes and transforms YAML, JSON, XML, TOML, and properties files using yq expressions. Accepts input from Execute add Runs Execute add-package Runs dotnet add package to add a NuGet package and returns structured results. WARNING: may execute untrusted Execute apply Applies a Kubernetes manifest file. Execute bundle-install Installs Gemfile dependencies using Execute gem-install Installs a Ruby gem using Execute generate Runs go generate directives in Go source files. WARNING: may execute untrusted code. Execute helm Manages Helm releases (install, upgrade, list, status, history, template). Returns structured JSON output. Execute install Runs Execute merge Merges a branch into the current branch. Supports abort, continue, and quit actions. Returns structured data w Execute package-resolve Resolves Swift package dependencies and returns structured resolution results. Execute package-update Updates Swift package dependencies and returns structured update results. Execute pip-install Runs pip install and returns a structured summary of installed packages. WARNING: may execute untrusted code. Execute post Makes an HTTP POST request via curl and returns structured response data. Convenience wrapper for the request Execute publish Runs dotnet publish for deployment and returns structured output with output path and diagnostics. Execute push Pushes commits to a remote repository. Returns structured data with success status, remote, branch, summary, a Execute restore Runs dotnet restore to restore NuGet dependencies and returns structured results. Execute submodule Manages git submodules. Supports list (default), add, update, sync, and deinit actions. List returns structure Execute uv-install Runs uv pip install and returns a structured summary of installed packages. WARNING: may execute untrusted cod
WRITE 27 tools
Write remote Manages remote repositories. Supports list (default), add, remove, rename, set-url, prune, and show actions. R Write package-init Initializes a new Swift package and returns structured result with created files. Write pr-ready Marks a pull request as ready for review (or converts it back to draft when undo=true). Returns structured dat Write pr-reopen Reopens a previously closed pull request, optionally with a comment. Returns structured data with PR number, s Write pr-review Submits a review on a pull request (approve, request-changes, or comment). Returns structured data with the re Write archive Creates an archive of files from a git repository. Supports tar, tar.gz, and zip formats. Returns structured d Write biome-format Formats files with Biome (format --write) and returns a structured list of changed files. Write checkout Switches branches or restores files. Returns structured data with ref, previous ref, whether a new branch was Write commit Creates a commit with the given message. Returns structured data with hash, message, and change statistics. Pa Write config Manages git configuration values. Supports get, set, list, and unset actions. Operates at local, global, syste Write flake-update Updates flake lock file inputs and returns structured information about what was updated. Write gist-create Creates a new GitHub gist from one or more files. Returns structured data with gist ID, URL, visibility, file Write issue-close Closes an issue with an optional comment and reason. Returns structured data with issue number, state, URL, re Write issue-comment Adds, edits, or deletes a comment on an issue. Returns structured data with the comment URL, operation type, c Write issue-create Creates a new issue. Returns structured data with issue number, URL, and labels applied. Write issue-update Updates issue metadata (title, body, labels, assignees, milestone, projects). Write label-create Creates a new repository label. Returns structured data with label name, description, color, and URL. Write pr-close Closes a pull request with an optional comment and optional branch deletion. Returns structured data with PR n Write pr-comment Adds, edits, or deletes a comment on a pull request. Returns structured data with the comment URL, operation t Write pr-create Creates a new pull request. Returns structured data with PR number and URL. Write pr-merge Merges a pull request by number, URL, or branch. Returns structured data with merge status, method, URL, and b Write pr-update Updates pull request metadata (title, body, labels, assignees, reviewers, milestone, base branch, projects). R Write prettier-format Formats files with Prettier (--write) and returns a structured list of changed files. Write release-create Creates a new GitHub release with optional asset uploads. Returns structured data with tag, URL, draft, prerel Write secret-set Sets a repository, organization, or environment GitHub Actions secret. Secret values are sent via stdin and ne Write update Updates dependencies in the lock file. Optionally updates a single package. Write variable-set Sets a repository, organization, or environment GitHub Actions variable. Variables are not secret and may be v
READ 62 tools
Read run-list Lists workflow runs with optional filters. Returns structured list with run ID, status, conclusion, and workfl Read run-view Views a workflow run by ID. Returns structured data with status, conclusion, jobs (with steps), and workflow d Read ansible-inventory Queries Ansible inventory for hosts, groups, and variables. Returns structured JSON for --list or tree text fo Read blame Shows commit annotations for a file, grouped by commit. Returns structured blame data with deduplicated commit Read bundle-check Verifies that the Gemfile Read compose-logs Retrieves Docker Compose service logs as structured entries. Read compose-ps Lists Docker Compose services with structured state and status information. Read count Counts pattern matches per file using ripgrep. Returns per-file match counts and totals. Read describe Describes a Kubernetes resource with detailed information. Read diff Returns file-level diff statistics as structured data. Use full=true for patch content. Read discover-tools List and load additional ${serverName} tools that aren Read discussion-list Lists GitHub Discussions for a repository via GraphQL. Returns structured list with discussion number, title, Read env Returns Go environment variables as structured JSON. Optionally request specific variables. Read find Finds files and directories using fd with structured output. Returns file paths, names, and extensions. Read flake-show Shows the outputs of a Nix flake as a structured tree. Uses --json for machine-parseable output by default. Read format-check Checks if files are formatted and returns a structured list of files needing formatting. Read gem-list Lists installed Ruby gems with version information. Returns structured JSON with gem names and versions. Read gem-outdated Lists outdated Ruby gems showing current and latest available versions. Read gradle-dependencies Shows the Gradle dependency tree with structured output per configuration. Read gradle-tasks Lists available Gradle tasks with descriptions and groups. Uses Read head Makes an HTTP HEAD request via curl and returns structured response headers (no body). Use to check resource e Read images Lists Docker images with structured repository, tag, size, and creation info. Read inspect Shows detailed container or image information with structured state, image, and platform data. Read label-list Lists repository labels. Returns structured data with label name, description, color, and default status. Read list Lists Go packages or modules and returns structured information. When Read list-package Runs dotnet list package and returns structured NuGet package listings per project and framework. Read log Returns commit history as structured data. Read log-graph Returns visual branch topology as structured data. Wraps Read logs Retrieves container logs as structured line arrays. Read maven-dependencies Shows the Maven dependency tree with structured output per artifact. Read mongosh-stats Gets MongoDB database statistics (collections, objects, data size, storage, indexes) via mongosh. Read mysql-list-databases Lists all MySQL databases with structured output. Read network-ls Lists Docker networks with structured driver and scope information. Read output Shows Terraform output values from the current state. Returns structured name/value/type/sensitive data. Read package-show-dependencies Shows the dependency tree of a Swift package and returns structured dependency data. Read pip-list Runs pip list and returns a structured list of installed packages. Read pip-show Runs pip show and returns structured package metadata (name, version, summary, dependencies). Read pr-checks Lists check/status results for a pull request. Returns structured data with check names, states, URLs, and sum Read pr-diff Returns file-level diff statistics for a pull request. Use full=true for patch/hunk content, or nameOnly=true Read pr-list Lists pull requests with optional filters. Returns structured list with PR number, state, title, author, branc Read pr-view Views a pull request by number, URL, or branch. Returns structured data with state, checks, review decision, d Read ps Lists Docker containers with structured status, ports, and state information. Read psql-list-databases Lists all PostgreSQL databases via psql with owner, encoding, and size info. Read redis-info Gets Redis server info with structured sections (server, clients, memory, etc.). Read reflog Returns reference log entries as structured data, useful for recovery operations. Also supports checking if a Read release-list Lists GitHub releases for a repository. Returns structured list with tag, name, draft/prerelease/latest status Read repo-view Views repository details. Returns structured data with name, owner, description, stars, forks, languages, topi Read search Searches the npm registry for packages matching a query. Read secret-list Lists repository, organization, or environment secret names and metadata. Secret values are not exposed by Git Read show Shows commit details and diff statistics for a given ref. When Read ssh-keyscan Retrieves public host keys from a remote SSH server using Read stash-list Lists all stash entries with index, message, date, branch, and optional file change summary. Returns structure Read state-list Lists all resources tracked in the Terraform state. Returns resource addresses. Read stats Returns a snapshot of container resource usage (CPU, memory, network/block I/O, PIDs) as structured data. Read status Returns the working tree status as structured data (branch, staged, modified, untracked, conflicts). Read tree Displays the dependency tree for a Rust project. Read validate Validates Terraform configuration files for syntax and consistency errors. Returns structured diagnostics. Read variable-list Lists repository, organization, or environment GitHub Actions variables with values and metadata. Read volume-ls Lists Docker volumes with structured driver, mountpoint, and scope information. Read issue-list Lists issues with optional filters. Returns structured list with issue number, state, title, labels, assignees Read issue-view Views an issue by number or URL. Returns structured data with state, labels, assignees, author, milestone, clo Read plan Shows the Terraform execution plan with resource change counts. Read-only — does not modify infrastructure.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Make

Can an AI agent delete data through the Make MCP server? +

Yes. The Make server exposes 13 destructive tools including clean, remove, reset. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Make? +

The Make server has 27 write tools including remote, package-init, pr-ready. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Make.

How many tools does the Make MCP server expose? +

202 tools across 4 categories: Destructive, Execute, Read, Write. 62 are read-only. 140 can modify, create, or delete data.

How do I enforce a policy on Make? +

Register the Make MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Make tool call.

Deterministic rules across all 202 Make tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MAKE →

Free to start. No card required.

202 Make tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.