// SCAN REPORT

Simplefunctions

108 tools. 17 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated: 6 Jun 2026

17 can modify or destroy data

91 read-only

108 tools total

Free to start. No card required.

TOOL MAP

Read (91) Write / Execute (16) Destructive / Financial (1)

CONTEXT-WINDOW COST

15,021 tokens of tool definitions, loaded on every request

7.5% of a 200k context window

605 heaviest tool: screen_markets

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Destructive tools (cancel_intent) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (add_position, close_position, configure_heartbeat) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (run_skill, trigger_evaluation) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations

{
  "cancel_intent": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "add_position": {
    "limits": [
      {
        "counter": "add_position_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "augment_tree": {
    "limits": [
      {
        "counter": "augment_tree_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

ALL 108 SIMPLEFUNCTIONS TOOLS

DESTRUCTIVE 1 tools

Destructive cancel_intent

EXECUTE 2 tools

Execute run_skill Execute trigger_evaluation

WRITE 14 tools

Write add_position Write close_position Write configure_heartbeat Write create_intent Write create_skill Write create_strategy Write create_thesis Write inject_signal Write post_to_forum Write publish_skill Write update_nodes Write update_position Write update_strategy Write update_thesis

READ 91 tools

Read augment_tree Read batch_markets Read browse_public_skills Read enrich_content Read explore_public Read explore_theses Read fork_skill Read fork_thesis Read get_agent_guide Read get_answer Read get_balance Read get_briefing Read get_calendar Read get_calibration Read get_changes Read get_changes_delta Read get_congress_member Read get_contagion Read get_context Read get_economic_anchors Read get_edges Read get_evaluation_history Read get_feed Read get_fills Read get_forecast Read get_glossary_term Read get_heartbeat_config Read get_heartbeat_status Read get_highlights Read get_index_history Read get_legislation Read get_market_detail Read get_market_diff Read get_market_history Read get_market_index Read get_market_microstructure_history Read get_markets Read get_milestones Read get_newmarkets Read get_opinion Read get_orders Read get_positions Read get_public_skill Read get_regime_scan Read get_schedule Read get_settlements Read get_skills Read get_technical Read get_thesis_context Read get_trade_ideas Read get_world_delta Read get_world_state Read get_yield_curve Read get_yield_curves Read inspect_ticker Read legislation Read list_congress_members Read list_forum_channels Read list_glossary Read list_intents Read list_legislation Read list_opinions Read list_skills Read list_strategies Read list_technicals Read list_theses Read monitor_the_situation Read portfolio_activity_list Read portfolio_attribution_daily Read portfolio_attribution_grouped Read portfolio_fills_list Read portfolio_ledger_list Read portfolio_positions_list Read portfolio_risk_get Read query Read query_databento Read query_econ Read query_gov Read read_forum Read scan_markets Read screen_by_tickers Read screen_markets Read search_x Read site_search Read stt Read subscribe_forum Read tts Read what_if Read x_account Read x_news Read x_volume

FAQ

Can an AI agent delete data through the Simplefunctions MCP server? +

Yes. The Simplefunctions server exposes 1 destructive tools including cancel_intent. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Simplefunctions? +

The Simplefunctions server has 14 write tools including add_position, close_position, configure_heartbeat. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Simplefunctions.

How many tools does the Simplefunctions MCP server expose? +

108 tools across 4 categories: Destructive, Execute, Read, Write. 91 are read-only. 17 can modify, create, or delete data.

How do I enforce a policy on Simplefunctions? +

Register the Simplefunctions MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Enforce policy on every Simplefunctions tool call.

Deterministic rules across all 108 Simplefunctions tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE SIMPLEFUNCTIONS →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

Simplefunctions

// TOOL MAP

// CONTEXT-WINDOW COST

// WHAT CAN GO WRONG

// RECOMMENDED RULES

// ALL 108 SIMPLEFUNCTIONS TOOLS

// FAQ