// SCAN REPORT

Looking Glass

71 tools. 26 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

26 can modify or destroy data
45 read-only
71 tools total
// TOOL MAP
Read (45) Write / Execute (22) Destructive / Financial (4)
// WHAT CAN GO WRONG

Destructive tools (browser_clear_history, browser_clear_mocks, browser_clear_storage) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (browser_click, browser_close, browser_drag) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (browser_navigate, browser_performance_audit, browser_tab_new) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and Looking Glass. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @looking-glass-mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
browser_clear_history:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
browser_click:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
browser_action_history:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 71 LOOKING GLASS TOOLS
DESTRUCTIVE 4 tools
Destructive browser_clear_history Destructive browser_clear_mocks Destructive browser_clear_storage Destructive vault_delete
EXECUTE 6 tools
Execute browser_navigate Execute browser_performance_audit Execute browser_tab_new Execute browser_wait_for Execute browser_wait_until_stable Execute session_start
WRITE 16 tools
Write browser_click Write browser_close Write browser_drag Write browser_fill_and_submit Write browser_login Write browser_press_key Write browser_resolve_element Write browser_scroll Write browser_select_option Write browser_set_cookie Write browser_set_localstorage Write browser_smart_click Write browser_tab_select Write browser_type Write session_export_playwright Write vault_login
READ 45 tools
Read browser_action_history Read browser_analyze_page Read browser_clean_slate Read browser_console_messages Read browser_diagnose Read browser_diff_state Read browser_error_report Read browser_evaluate Read browser_explore Read browser_extract Read browser_get_cookies Read browser_get_localstorage Read browser_go Read browser_go_back Read browser_go_forward Read browser_health_check Read browser_hover Read browser_list_mocks Read browser_mock_route Read browser_network_requests Read browser_recover Read browser_screenshot Read browser_snapshot Read browser_snapshot_state Read browser_suggest_actions Read browser_tab_list Read browser_workflow Read session_end Read session_list Read session_replay Read test_accessibility_audit Read test_assert Read test_auth_flow Read test_chaos Read test_chaos_clear Read test_fill_form Read test_generate_assertions Read test_scenario_run Read test_scenario_status Read test_stop_watch Read test_watch_events Read vault_inject Read vault_list Read visual_baseline Read visual_compare
// FAQ
Can an AI agent delete data through the Looking Glass MCP server? +

Yes. The Looking Glass server exposes 4 destructive tools including browser_clear_history, browser_clear_mocks, browser_clear_storage. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Looking Glass? +

The Looking Glass server has 16 write tools including browser_click, browser_close, browser_drag. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Looking Glass MCP server expose? +

71 tools across 4 categories: Destructive, Execute, Read, Write. 45 are read-only. 26 can modify, create, or delete data.

How do I add Intercept to my Looking Glass setup? +

One line change. Instead of running the Looking Glass server directly, prefix it with Intercept: intercept -c io-github-sahib-sawhney-wh-looking-glass-mcp.yaml -- npx -y @looking-glass-mcp. Download a pre-built policy from policylayer.com/policies/io-github-sahib-sawhney-wh-looking-glass-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
adminautomation
Aibtc 288 tools
adminautomation
Google Super 200 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Mcp Sitecore 153 tools
adminautomation
SmartBear MCP 147 tools
adminautomation
Slack 143 tools
adminautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.