// SCAN REPORT

Clocktower

26 tools. 13 can modify or destroy data without limits.

13 write tools that can modify data. Rate limits recommended.

Last updated:

13 can modify or destroy data
13 read-only
26 tools total

Community server · catalogue entry verified 12/06/2026

How to control Clocktower ↓

TOOL MAP

What Clocktower exposes to your agents

Read (13) Write / Execute (13) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Clocktower tools

Execute · Medium darkroom_optimize The tool actively processes images through a pipeline, which constitutes executing an external operation (shutterbox image pipeline) on files. Write · High clocktower_add_job This tool modifies a configuration file by adding new job definitions. Write · Medium flagpost_add_flag This tool creates or modifies configuration data (feature flag definitions) in a reversible manner. Write · Medium floodgate_add_rule The tool creates or modifies configuration data (rate limit rules) in a reversible manner.

13 of Clocktower's 26 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Clocktower

PolicyLayer is an MCP gateway — it sits between your AI agents and Clocktower, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "clocktower_init": {
    "limits": [
      {
        "counter": "clocktower_init_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "quick_start": {
    "limits": [
      {
        "counter": "quick_start_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Clocktower — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON CLOCKTOWER →

Free to start. No card required.

FULL CATALOGUE

All 26 Clocktower tools

EXECUTE 1 tools
Execute darkroom_optimize Processes images in a directory using shutterbox image pipeline. Scans the directory for image files and retur
WRITE 12 tools
Write clocktower_init Scaffold a croncall.config.ts file in the target project directory. Write darkroom_init Creates shutterbox.config.ts in a project directory. Scaffolds a starter config with thumbnail and hero image Write flagpost_init Creates flagpost.config.ts in a project directory. Scaffolds a starter config with an example feature flag. Write floodgate_init Creates floodgate.config.ts in a project directory. Scaffolds a starter config with default rate limit rules f Write lockbox_init Initialize lockbox in a project. Creates .vaultbox-key, .secrets/ directory, and updates .gitignore. Write sifter_init Scaffolds a searchcraft.config.ts in a project directory with a starter search schema. Detects pressroom integ Write clocktower_add_job Add a job definition to an existing croncall config file. Write flagpost_add_flag Adds a new feature flag definition to an existing flagpost.config.ts file. Write floodgate_add_rule Adds a new rate limit rule to an existing floodgate.config.ts file. Write herald_init Scaffolds a herald.config.ts in a project directory with provider configuration. Auto-detects Twilio and Resen Write herald_send Send a notification via notifykit. Returns instructions for configuring providers if the project is not yet se Write lockbox_set Set (encrypt and store) a secret in the lockbox.
READ 13 tools
Read quick_start Get quick start code Read checkup_scan Scan a Next.js project for production-readiness gaps. Returns findings with severity levels and vendor-neutral Read checkup_scan_json Scan a Next.js project and return structured JSON results. Use this when you need to programmatically process Read find_package Find package by use case Read flagpost_list_flags Lists all feature flags defined in a flagpost.config.ts file, showing their names and default values. Read floodgate_test Returns instructions for testing a specific rate limit rule locally. Read get_package Get package details Read herald_test Generate a test notification code snippet for a specific channel. Returns ready-to-run code for testing your n Read list_packages List all packages Read lockbox_get Get (decrypt) a secret from the lockbox. Read lockbox_list List secret names (not values) stored in the lockbox. Read sifter_search Search documents using the searchcraft engine. This is a demo tool that works with sample data to demonstrate Read clocktower_schedule List upcoming job runs parsed from a croncall config file.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Clocktower

How do I prevent bulk modifications through Clocktower? +

The Clocktower server has 12 write tools including clocktower_init, darkroom_init, flagpost_init. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Clocktower.

How many tools does the Clocktower MCP server expose? +

26 tools across 3 categories: Execute, Read, Write. 13 are read-only. 13 can modify, create, or delete data.

How do I enforce a policy on Clocktower? +

Register the Clocktower MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Clocktower tool call.

Deterministic rules across all 26 Clocktower tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON CLOCKTOWER →

Free to start. No card required.

26 Clocktower tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.