// SCAN REPORT

Fleet

132 tools. 57 can modify or destroy data without limits.

15 destructive tools with no built-in limits. Policy required.

Last updated:

57 can modify or destroy data
75 read-only
132 tools total

57 Fleet tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE FLEET →

Free to start. No card required.

TOOL MAP

Read (75) Write / Execute (42) Destructive / Financial (15)

WHAT CAN GO WRONG

Destructive tools (fleet_delete_bootstrap_package, fleet_delete_host, fleet_delete_invite) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (fleet_add_app_store_app, fleet_add_labels_to_host, fleet_add_team_users) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (fleet_install_software, fleet_lock_device, fleet_lock_host) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations
{
  "fleet_delete_bootstrap_package": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "fleet_add_app_store_app": {
    "limits": [
      {
        "counter": "fleet_add_app_store_app_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "fleet_find_software_on_host": {
    "limits": [
      {
        "counter": "fleet_find_software_on_host_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Get this policy live on your own Fleet server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

ENFORCE ON MY FLEET →

ALL 132 FLEET TOOLS

DESTRUCTIVE 15 tools
Destructive fleet_delete_bootstrap_package Destructive fleet_delete_host Destructive fleet_delete_invite Destructive fleet_delete_label Destructive fleet_delete_mdm_profile Destructive fleet_delete_pack Destructive fleet_delete_policy Destructive fleet_delete_query Destructive fleet_delete_script Destructive fleet_delete_secret Destructive fleet_delete_session Destructive fleet_delete_setup_assistant Destructive fleet_delete_user_sessions Destructive fleet_delete_vpp_token Destructive fleet_unenroll_host_mdm
EXECUTE 10 tools
Execute fleet_install_software Execute fleet_lock_device Execute fleet_lock_host Execute fleet_query_host Execute fleet_query_host_by_identifier Execute fleet_refetch_host Execute fleet_run_batch_script Execute fleet_run_live_query_with_results Execute fleet_run_saved_query Execute fleet_run_script
WRITE 32 tools
Write fleet_add_app_store_app Write fleet_add_labels_to_host Write fleet_add_team_users Write fleet_batch_set_software Write fleet_cancel_batch_script Write fleet_cancel_host_activity Write fleet_create_invite Write fleet_create_label Write fleet_create_pack Write fleet_create_policy Write fleet_create_query Write fleet_create_script Write fleet_create_secret Write fleet_create_setup_assistant Write fleet_create_team Write fleet_create_user Write fleet_modify_script Write fleet_remove_labels_from_host Write fleet_remove_team_user Write fleet_transfer_hosts Write fleet_unlock_host Write fleet_update_app_store_app Write fleet_update_config Write fleet_update_enroll_secrets Write fleet_update_invite Write fleet_update_label Write fleet_update_pack Write fleet_update_policy Write fleet_update_user Write fleet_upload_bootstrap_package Write fleet_upload_mdm_apple_installer Write fleet_upload_mdm_profile
READ 75 tools
Read fleet_find_software_on_host Read fleet_get_batch_script Read fleet_get_bootstrap_metadata Read fleet_get_bootstrap_summary Read fleet_get_carve Read fleet_get_carve_block Read fleet_get_certificate Read fleet_get_config Read fleet_get_cve Read fleet_get_device_info Read fleet_get_enroll_secrets Read fleet_get_filevault_summary Read fleet_get_host Read fleet_get_host_by_identifier Read fleet_get_host_device_mapping Read fleet_get_host_encryption_key Read fleet_get_host_macadmins Read fleet_get_host_mdm Read fleet_get_host_mdm_profiles Read fleet_get_host_software Read fleet_get_label Read fleet_get_mdm_command_results Read fleet_get_mdm_profiles_summary Read fleet_get_osquery_table_schema Read fleet_get_pack Read fleet_get_policy_results Read fleet_get_query Read fleet_get_query_report Read fleet_get_script Read fleet_get_script_result Read fleet_get_session Read fleet_get_setup_assistant Read fleet_get_software Read fleet_get_software_install_result Read fleet_get_software_title Read fleet_get_team Read fleet_get_team_secrets Read fleet_get_user Read fleet_get_version Read fleet_get_vulnerabilities Read fleet_health_check Read fleet_list_activities Read fleet_list_app_store_apps Read fleet_list_batch_script_hosts Read fleet_list_batch_scripts Read fleet_list_carves Read fleet_list_host_certificates Read fleet_list_host_past_activities Read fleet_list_host_scripts Read fleet_list_host_upcoming_activities Read fleet_list_hosts Read fleet_list_invites Read fleet_list_labels Read fleet_list_mdm_apple_installers Read fleet_list_mdm_commands Read fleet_list_mdm_devices Read fleet_list_mdm_profiles Read fleet_list_osquery_tables Read fleet_list_packs Read fleet_list_policies Read fleet_list_queries Read fleet_list_scheduled_queries Read fleet_list_scripts Read fleet_list_secrets Read fleet_list_software Read fleet_list_software_titles Read fleet_list_team_users Read fleet_list_teams Read fleet_list_user_sessions Read fleet_list_users Read fleet_list_vpp_tokens Read fleet_search_hosts Read fleet_search_software Read fleet_suggest_tables_for_query Read fleet_verify_invite

FAQ

Can an AI agent delete data through the Fleet MCP server? +

Yes. The Fleet server exposes 15 destructive tools including fleet_delete_bootstrap_package, fleet_delete_host, fleet_delete_invite. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Fleet? +

The Fleet server has 32 write tools including fleet_add_app_store_app, fleet_add_labels_to_host, fleet_add_team_users. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Fleet.

How many tools does the Fleet MCP server expose? +

132 tools across 4 categories: Destructive, Execute, Read, Write. 75 are read-only. 57 can modify, create, or delete data.

How do I enforce a policy on Fleet? +

Register the Fleet MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Aibtc 327 tools
adminautomation
Mcp Api 314 tools
adminautomation
SmartBear MCP 243 tools
adminautomation
Google Super 200 tools
adminautomation
Arcane 180 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Opencut Controller 161 tools
adminautomation

Enforce policy on every Fleet tool call.

Deterministic rules across all 132 Fleet tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE FLEET →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.