// SCAN REPORT

Proton-MCP

36 tools. 18 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
18 read-only
36 tools total

Community server · catalogue entry verified 12/06/2026

How to control Proton-MCP ↓

TOOL MAP

What Proton-MCP exposes to your agents

Read (18) Write / Execute (14) Destructive / Financial (4)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Proton-MCP tools

Destructive · High calendar__delete_event Deletion of calendar events cannot be undone and constitutes irreversible data loss. Destructive · High drive__delete This tool permanently removes data from Proton Drive and cannot be undone. Destructive · High mail__delete_message This tool irreversibly removes email messages from the user's inbox. Destructive · High pass__trash_item Moving a credential to trash is a destructive action — credentials are removed from active use and placed in trash, which is typically a precursor to permanent deletion.

18 of Proton-MCP's 36 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Proton-MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Proton-MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "calendar__delete_event": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "mail__forward_message": {
    "limits": [
      {
        "counter": "mail__forward_message_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "calendar__get_event": {
    "limits": [
      {
        "counter": "calendar__get_event_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Proton-MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON PROTON-MCP →

Free to start. No card required.

FULL CATALOGUE

All 36 Proton-MCP tools

DESTRUCTIVE 4 tools
Destructive calendar__delete_event Delete a calendar event Destructive drive__delete Delete a file or folder from Proton Drive Destructive mail__delete_message Permanently delete an email from inbox Destructive pass__trash_item Move a credential to the trash in Proton Pass
WRITE 14 tools
Write mail__forward_message Forward an email to another recipient Write mail__star_message Star or unstar an email Write calendar__create_event Create a calendar event. Use for reminders, follow-ups, and deadlines. Write calendar__update_event Update an existing calendar event Write drive__mkdir Create a folder on Proton Drive Write drive__upload Upload a file to Proton Drive Write drive__upload_folder Upload a folder to Proton Drive (copies all contents recursively) Write mail__mark_message Mark an email as read or unread Write mail__move_message Move an email to a different folder (e.g. Trash, Archive, a label) Write mail__reply_message Reply to an email, preserving the thread. Set reply_all=true to include all original recipients. Write mail__send_message Send an email via Proton Mail. Supports CC, BCC, HTML, and file attachments. Write pass__create_item Store a new login credential in Proton Pass Write pass__generate_password Generate a random password using Proton Pass Write pass__update_item Update an existing credential in Proton Pass
READ 18 tools
Read calendar__get_event Get a single calendar event by its UID Read calendar__list_events List calendar events in a date range. Can read both Jorgenclaw and Scott calendars. Read drive__download Download a file or folder from Proton Drive to local path Read drive__list List files and folders at a path on Proton Drive Read mail__get_attachments Download attachments from an email. Returns base64-encoded content. Read mail__get_message Get a single email by message ID (sequence number). Includes threading headers. Read mail__get_thread Fetch the full email chain (thread) for a message Read mail__get_unread Get unread emails from Proton Mail inbox Read mail__list_folder_messages List messages in a specific folder (Sent, Drafts, Trash, or any label) Read mail__list_folders List all mail folders and labels Read mail__list_messages List recent emails from Proton Mail inbox Read mail__search_messages Search emails by keyword in subject and body Read pass__get_item Get a credential from Proton Pass by name. Returns username, password, and URLs. Read pass__get_totp Generate the current TOTP authentication code for an item in Proton Pass. Use for autonomous 2FA. Read pass__list_items List credential names in a Proton Pass vault (no passwords returned) Read pass__list_vaults List available Proton Pass vaults Read pass__search_items Search Proton Pass items by keyword (no passwords returned) Read vpn__status Check VPN connection status — shows current IP, location, and whether traffic is routed through ProtonVPN
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about Proton-MCP

Can an AI agent delete data through the Proton- MCP server? +

Yes. The Proton-MCP server exposes 4 destructive tools including calendar__delete_event, drive__delete, mail__delete_message. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Proton-MCP? +

The Proton-MCP server has 14 write tools including mail__forward_message, mail__star_message, calendar__create_event. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Proton-MCP.

How many tools does the Proton- MCP server expose? +

36 tools across 3 categories: Destructive, Read, Write. 18 are read-only. 18 can modify, create, or delete data.

How do I enforce a policy on Proton-MCP? +

Register the Proton- MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Proton-MCP tool call.

Deterministic rules across all 36 Proton-MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON PROTON-MCP →

Free to start. No card required.

36 Proton-MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.