// SCAN REPORT

Award Travel Finder

67 tools. 19 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
48 read-only
67 tools total

19 Award Travel Finder tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE AWARD TRAVEL FINDER →

Free to start. No card required.

TOOL MAP

Read (48) Write / Execute (13) Destructive / Financial (6)

CONTEXT-WINDOW COST

8,970 tokens of tool definitions, loaded on every request
4.5% of a 200k context window
357 heaviest tool: add_flight_booking

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Financial operations (compare_transfer_options) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (cancel_route_monitor, delete_client_portfolio, delete_flight_booking) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (add_flight_booking, connect_integration, create_client_portfolio) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

RECOMMENDED RULES

Block financial tools by default
{
  "compare_transfer_options": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "cancel_route_monitor": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_flight_booking": {
    "limits": [
      {
        "counter": "add_flight_booking_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "audit_hotel_folio": {
    "limits": [
      {
        "counter": "audit_hotel_folio_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Get this policy live on your own Award Travel Finder server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

ENFORCE ON MY AWARD TRAVEL FINDER →

ALL 67 AWARD TRAVEL FINDER TOOLS

FINANCIAL 1 tools
Financial compare_transfer_options
DESTRUCTIVE 5 tools
Destructive cancel_route_monitor Destructive delete_client_portfolio Destructive delete_flight_booking Destructive delete_hotel_booking Destructive delete_loyalty_status
WRITE 13 tools
Write add_flight_booking Write connect_integration Write create_client_portfolio Write create_route_monitor Write disconnect_integration Write discover_more_flight_tools Write generate_branded_pdf Write plan_trip Write set_loyalty_status Write update_client_portfolio Write update_flight_booking Write update_hotel_booking Write update_points_balance
READ 48 tools
Read audit_hotel_folio Read audit_marriott_folio Read cards_analyze_spending Read cards_compare_cards Read cards_find_cards_for_category Read cards_find_transfer_programs_for_airline Read cards_get_card Read cards_list_cards Read cards_list_changes Read cards_list_transfer_partners Read cards_rank_welcome_bonuses Read find_premium_hotels Read get_award_release_window Read get_buy_points_pricing Read get_client_portfolio Read get_earning_rates Read get_flight_booking Read get_hotel_availability Read get_hotel_booking Read get_partner_award_options Read get_portfolio Read get_pricing Read get_program_partner_chart Read get_program_rates Read get_skill Read get_status_matches Read list_award_release_windows Read list_client_portfolios Read list_flight_bookings Read list_hotel_bookings Read list_integrations Read list_loyalty_statuses Read list_points_balances Read list_route_monitors Read list_skills Read lookup_flight Read monitor_hotel_price Read recommend_redemption Read search_all_airlines Read search_availability Read search_cash_flights Read search_hotels Read search_hybrid Read search_knowledge_base Read search_monthly_availability Read search_multi_passenger Read whats_on_sale Read wikipedia_airports

FAQ

Can an AI agent move money through the Award Travel Finder MCP server? +

Yes. The Award Travel Finder server exposes 1 financial tools including compare_transfer_options. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Award Travel Finder MCP server? +

Yes. The Award Travel Finder server exposes 5 destructive tools including cancel_route_monitor, delete_client_portfolio, delete_flight_booking. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Award Travel Finder? +

The Award Travel Finder server has 13 write tools including add_flight_booking, connect_integration, create_client_portfolio. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Award Travel Finder.

How many tools does the Award Travel Finder MCP server expose? +

67 tools across 4 categories: Destructive, Financial, Read, Write. 48 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Award Travel Finder? +

Register the Award Travel Finder MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

0nmcp 407 tools
paymentsadmin
TheProtocol — Sovereign AI Agent Platform 380 tools
paymentsadmin
Aibtc 327 tools
paymentsadmin
Bexio 276 tools
paymentsadmin
Businys 248 tools
paymentsadmin
SpaceMolt 182 tools
paymentsadmin
Agent Passport System — Cryptographic Identity for AI Agents 150 tools
paymentsadmin
Xdevplatform/xmcp 135 tools
paymentsadmin

Enforce policy on every Award Travel Finder tool call.

Deterministic rules across all 67 Award Travel Finder tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE AWARD TRAVEL FINDER →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.