Sui MCP Policy -- 53 Tools

// TOOL MAP

Read (41) Write / Execute (9) Destructive / Financial (3)

// WHAT CAN GO WRONG

✕

Financial operations (request_withdraw_stake, transfer_objects, transfer_sui) can move real money. An agent caught in a loop could drain accounts before anyone notices.

✕

Write operations (create_wallet, import_wallet, merge_coins) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

✕

Execute tools (dry_run_transaction) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES

Block financial tools by default

request_withdraw_stake:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations

create_wallet:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

cetus_get_pool:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 53 SUI TOOLS

FINANCIAL 3 tools

Financial request_withdraw_stake Financial transfer_objects Financial transfer_sui

EXECUTE 1 tools

Execute dry_run_transaction

WRITE 8 tools

Write create_wallet Write import_wallet Write merge_coins Write move_call Write request_add_stake Write resolve_address Write resolve_name Write switch_network

READ 41 tools

Read cetus_get_pool Read cetus_get_pools Read deepbook_get_pool Read dev_inspect Read get_all_balances Read get_balance Read get_checkpoint Read get_coin_metadata Read get_coins Read get_committee_info Read get_dynamic_fields Read get_epoch_info Read get_latest_checkpoint Read get_move_call_metrics Read get_move_function Read get_move_struct Read get_network_info Read get_normalized_module Read get_object Read get_object_history Read get_owned_objects Read get_package_modules Read get_protocol_config Read get_reference_gas_price Read get_stakes Read get_system_state Read get_token_price Read get_total_supply Read get_total_transactions Read get_transaction Read get_validators Read list_common_tokens Read list_wallets Read multi_get_objects Read query_events Read query_transactions Read request_faucet Read split_coins Read suins_get_name_record Read suins_get_price Read swap_quote

// FAQ

Can an AI agent move money through the Sui MCP server? +

Yes. The Sui server exposes 3 financial tools including request_withdraw_stake, transfer_objects, transfer_sui. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

How do I prevent bulk modifications through Sui? +

The Sui server has 8 write tools including create_wallet, import_wallet, merge_coins. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Sui MCP server expose? +

53 tools across 4 categories: Execute, Financial, Read, Write. 41 are read-only. 12 can modify, create, or delete data.

How do I add Intercept to my Sui setup? +

One line change. Instead of running the Sui server directly, prefix it with Intercept: intercept -c io-github-expertvagabond-sui-mcp-server.yaml -- npx -y @sui-mcp-server. Download a pre-built policy from policylayer.com/policies/io-github-expertvagabond-sui-mcp-server and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Sui

Other MCP servers with similar tools.

Let agents act without letting them run wild.