Bexio

276 tools. 119 can modify or destroy data without limits.

34 destructive or financial tools with no built-in limits. Policy required.

119 can modify or destroy data
157 read-only
276 tools total

119 Bexio tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

Free to start. No card required.

Read (157) Write / Execute (85) Destructive / Financial (34)

Financial operations (create_payment, create_payment_type, send_invoice) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (cancel_invoice, delete_absence, delete_additional_address) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (archive_project, bulk_create_contacts, copy_invoice) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Block financial tools by default
{
  "create_payment": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "cancel_invoice": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "archive_project": {
    "limits": [
      {
        "counter": "archive_project_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "accept_quote": {
    "limits": [
      {
        "counter": "accept_quote_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.
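
How the deny and rate-limit rules above behave when an agent loops, as an added example (not PolicyLayer's code): a small in-memory gateway that reads the same rule shapes and checks each call before it would reach Bexio. The Gateway class, run_loop, fixed-window counting, one counter per grant, and denying tools that have no rule are all assumptions of this sketch.

```python
import json
from collections import defaultdict

# Rule shapes copied from the page. How they are evaluated is assumed here.
POLICY = json.loads("""
{
  "create_payment": {"deny_if": [{"conditions": [],
                                  "on_deny": "Requires human approval."}]},
  "archive_project": {"limits": [{"counter": "archive_project_per_hour",
                                  "window": "hour", "max": 30, "scope": "grant"}]}
}
""")
WINDOW_SECONDS = {"minute": 60, "hour": 3600}


class Gateway:
    """Hypothetical in-memory policy check placed in front of an MCP server."""

    def __init__(self, policy):
        self.policy = policy
        self.counts = defaultdict(int)  # (grant, counter, window index) -> calls

    def check(self, grant, tool, now):
        """Return (allowed, reason) for one tool call at time `now` (seconds)."""
        rule = self.policy.get(tool)
        if rule is None:
            return False, "No rule for this tool."  # assumption: fail closed
        for deny in rule.get("deny_if", []):
            if deny["conditions"]:
                # The page shows no condition syntax, so do not guess at it.
                return False, "Unsupported condition; failing closed."
            return False, deny["on_deny"]  # empty conditions: always deny
        keys = []
        for limit in rule.get("limits", []):
            # Assumption: fixed windows, one counter per grant ("scope": "grant").
            window = int(now // WINDOW_SECONDS[limit["window"]])
            key = (grant, limit["counter"], window)
            if self.counts[key] >= limit["max"]:
                return False, f"{limit['counter']} exceeded."
            keys.append(key)
        for key in keys:  # count the call only once every limit has passed
            self.counts[key] += 1
        return True, "ok"


def run_loop(gateway, grant, tool, calls, start=0.0):
    """Simulate an agent retry loop, one call per second; return calls allowed."""
    return sum(gateway.check(grant, tool, start + i)[0] for i in range(calls))
```

A loop of 100 archive_project calls under one grant gets 30 through in the hour, and a second grant keeps its own budget.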

Get this policy live on your own Bexio server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

WRITE 85 tools
archive_project, bulk_create_contacts, copy_invoice, copy_quote, create_absence, create_account, create_additional_address, create_bill, create_business_activity, create_comment, create_contact, create_contact_group, create_contact_relation, create_contact_sector, create_country, create_currency, create_delivery_from_order, create_employee, create_expense, create_fictional_user, create_iban_payment, create_invoice, create_invoice_from_order, create_invoice_from_quote, create_item, create_language, create_manual_entry, create_milestone, create_note, create_order, create_order_from_quote, create_outgoing_payment, create_project, create_purchase_order, create_qr_payment, create_quote, create_reminder, create_salutation, create_task, create_timesheet, create_title, create_unit, create_work_package, edit_invoice, edit_item, edit_order, edit_order_repetition, edit_quote, issue_bill, issue_delivery, issue_invoice, issue_quote, mark_bill_as_paid, mark_invoice_as_sent, mark_quote_as_sent, mark_reminder_as_sent, mark_reminder_as_unsent, restore_contact, send_quote, send_reminder, unarchive_project, update_absence, update_additional_address, update_bill, update_company_profile, update_contact, update_contact_group, update_contact_relation, update_currency, update_employee, update_expense, update_fictional_user, update_file, update_iban_payment, update_manual_entry, update_note, update_outgoing_payment, update_project, update_purchase_order, update_qr_payment, update_salutation, update_task, update_title, update_work_package, upload_file
READ 157 tools
accept_quote, advanced_search_contacts, decline_quote, download_file, find_contact_by_name, find_contact_by_number, get_absence, get_account, get_additional_address, get_bank_account, get_bill, get_business_activity, get_calendar_year, get_comment, get_communication_type, get_company_profile, get_contact, get_contact_group, get_contact_relation, get_contact_sector, get_country, get_currency, get_current_user, get_customer_revenue_report, get_delivery, get_employee, get_expense, get_fictional_user, get_file, get_iban_payment, get_invoice, get_invoice_pdf, get_invoice_status_report, get_item, get_journal, get_language, get_manual_entry, get_milestone, get_monthly_revenue_report, get_note, get_open_invoices, get_order, get_order_pdf, get_order_repetition, get_outgoing_payment, get_overdue_invoices, get_overdue_invoices_report, get_payment, get_payment_type, get_project, get_project_status, get_project_type, get_purchase_order, get_qr_payment, get_quote, get_quote_pdf, get_reminder, get_reminder_pdf, get_reminders_sent_this_week, get_revenue_report, get_salutation, get_task, get_tasks_due_this_week, get_tax, get_timesheet, get_title, get_top_customers_by_revenue, get_unit, get_user, get_work_package, list_absences, list_account_groups, list_accounts, list_additional_addresses, list_all_invoices, list_all_statuses, list_bank_accounts, list_bills, list_business_activities, list_business_years, list_calendar_years, list_comments, list_communication_types, list_contact_groups, list_contact_relations, list_contact_sectors, list_contacts, list_countries, list_currencies, list_deliveries, list_document_settings, list_document_templates, list_employees, list_expenses, list_fictional_users, list_files, list_invoice_statuses, list_invoices, list_items, list_languages, list_manual_entries, list_milestones, list_notes, list_orders, list_outgoing_payments, list_payment_types, list_payments, list_payroll_documents, list_permissions, list_project_statuses, list_project_types, list_projects, list_purchase_orders, list_quotes, list_reminders, list_salutations, list_stock_areas, list_stock_locations, list_task_priorities, list_task_statuses, list_tasks, list_taxes, list_timesheet_statuses, list_timesheets, list_titles, list_units, list_users, list_vat_periods, list_work_packages, ping, reissue_quote, revert_invoice_to_draft, revert_quote_to_draft, search_accounts, search_additional_addresses, search_bills, search_contact_groups, search_contact_relations, search_contact_sectors, search_contacts, search_deliveries, search_invoices, search_invoices_by_customer, search_items, search_notes, search_orders, search_orders_by_customer, search_projects, search_quotes, search_quotes_by_customer, search_reminders, search_salutations, search_stock_areas, search_stock_locations, search_tasks, search_timesheets, search_titles

Can an AI agent move money through the Bexio MCP server?

Yes. The Bexio server exposes 3 financial tools including create_payment, create_payment_type, send_invoice. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Bexio MCP server?

Yes. The Bexio server exposes 31 destructive tools including cancel_invoice, delete_absence, delete_additional_address. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Bexio?

The Bexio server has 85 write tools including archive_project, bulk_create_contacts, copy_invoice. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Bexio.

How many tools does the Bexio MCP server expose?

276 tools across 4 categories: Destructive, Financial, Read, Write. 157 are read-only. 119 can modify, create, or delete data.

How do I enforce a policy on Bexio?

Register the Bexio MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Bexio tool call.

Deterministic rules across all 276 Bexio tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.
