// SCAN REPORT

JFrog MCP Server

36 tools. 15 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

15 can modify or destroy data
21 read-only
36 tools total

Community server · catalogue entry verified 11/06/2026

How to control JFrog MCP Server ↓

TOOL MAP

What JFrog MCP Server exposes to your agents

Read (21) Write / Execute (13) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous JFrog MCP Server tools

Destructive · High jfrog_delete_permission_resource The tool performs deletion of permission/access control resources, which cannot be undone and affects security posture. Destructive · High jfrog_delete_permission_target This tool permanently removes access control configuration from the JFrog platform. Execute · High jfrog_execute_aql_query Although AQL queries are typically read-only by design, the tool is classified as Execute rather than Read because: (1) the description explicitly uses 'Execute' as the action verb, (2) AQL is a query language that can p Execute · High jfrog_distribute_release_bundle Distributing a release bundle triggers an external operation that pushes artifacts to target environments.

15 of JFrog MCP Server's 36 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control JFrog MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and JFrog MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "jfrog_delete_permission_resource": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "jfrog_create_local_repository": {
    "limits": [
      {
        "counter": "jfrog_create_local_repository_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "jfrog_check_availability": {
    "limits": [
      {
        "counter": "jfrog_check_availability_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register JFrog MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON JFROG →

Free to start. No card required.

FULL CATALOGUE

All 36 JFrog MCP Server tools

DESTRUCTIVE 2 tools
Destructive jfrog_delete_permission_resource Delete a specific resource type from a permission target Destructive jfrog_delete_permission_target Delete a permission target from the JFrog platform
EXECUTE 2 tools
Execute jfrog_execute_aql_query Execute an Artifactory Query Language (AQL) query to search for artifacts, builds, or other entities in JFrog Execute jfrog_distribute_release_bundle Distribute a release bundle to a target environment
WRITE 11 tools
Write jfrog_create_local_repository Create a new local repository in artifactroy Write jfrog_create_permission_target Create a new permission target in the JFrog platform Write jfrog_create_project Create a new project in the JFrog platform Write jfrog_create_release_bundle create a release bundle in the jfrog platform Write jfrog_create_remote_repository Create a new remote repository in Artifactory to proxy external package registries Write jfrog_create_virtual_repository Create a new virtual repository in Artifactory that aggregates multiple repositories Write jfrog_promote_release_bundle Promote a release bundle version by copying or moving its contents Write jfrog_replace_permission_resource Replace a specific resource type within a permission target Write jfrog_set_folder_property Set properties on a folder in Artifactory, with optional recursive application Write jfrog_update_permission_resource Update a specific resource type within a permission target Write jfrog_update_permission_target Update an existing permission target in the JFrog platform
READ 21 tools
Read jfrog_check_availability Check if JFrog platform is ready and functioning or not Read jfrog_get_artifacts_summary Get the summary of artifacts, one or many Read jfrog_get_package_curation_status Useful for checking the curation status of a specific package version. Returns one of the following statuses: Read jfrog_get_package_info Useful for when you need to get publicly available information about a software package. Read jfrog_get_package_version_vulnerabilities Useful for when you need the list of known vulnerabilities affecting a specific version of an open source pack Read jfrog_get_package_versions Useful for when you need to get a list of versions of a publicly available package. Read jfrog_get_permission_resource Get details of a specific resource type within a permission target Read jfrog_get_permission_target Get detailed information about a specific permission target Read jfrog_get_runtime_specific_cluster return a runtime cluster by id Read jfrog_get_specific_build Get details for a specific build by name, optionally scoped to a project Read jfrog_get_specific_project Get detailed information about a specific project in the JFrog platform Read jfrog_get_specific_release_bundle Get a list of all version of a specific release bundle Read jfrog_get_vulnerability_info Useful for when you need to get a specific vulnerability information, including its affected packages and vers Read jfrog_list_associated_instances get all JFrog Platform Deployment (JPD) instances associated with the current JFrog Platform Read jfrog_list_builds return a list of all my build in the jfrog platform Read jfrog_list_environments Get a list of all environments types (e.g. dev, prod, etc.) in the JFrog platform with their details Read jfrog_list_permission_targets Get a list of all permission targets in the JFrog platform Read jfrog_list_projects Get a list of all projects in the JFrog platform with their details Read jfrog_list_repositories List all repositories in Artifactory with optional filtering by type, package type, and project Read jfrog_list_running_images List all running container images across runtime clusters with their security and operational status Read jfrog_list_runtime_clusters return a list of all my runtime clusters in the jfrog platform
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about JFrog MCP Server

Can an AI agent delete data through the JFrog MCP Server MCP server? +

Yes. The JFrog MCP Server server exposes 2 destructive tools including jfrog_delete_permission_resource, jfrog_delete_permission_target. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through JFrog MCP Server? +

The JFrog MCP Server server has 11 write tools including jfrog_create_local_repository, jfrog_create_permission_target, jfrog_create_project. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach JFrog MCP Server.

How many tools does the JFrog MCP Server MCP server expose? +

36 tools across 4 categories: Destructive, Execute, Read, Write. 21 are read-only. 15 can modify, create, or delete data.

How do I enforce a policy on JFrog MCP Server? +

Register the JFrog MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every JFrog MCP Server tool call.

Deterministic rules across all 36 JFrog MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON JFROG →

Free to start. No card required.

36 JFrog MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.