// SCAN REPORT

App Store Connect

27 tools. 8 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

8 can modify or destroy data
19 read-only
27 tools total

Community server · catalogue entry verified 11/06/2026

How to control App Store Connect ↓

TOOL MAP

What App Store Connect exposes to your agents

Read (19) Write / Execute (7) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous App Store Connect tools

Destructive · Medium remove_tester_from_group Removing a tester from a beta group is a destructive action that revokes their access and membership. Write · Medium add_tester_to_group This tool performs a Write operation—it creates or modifies data (adding a tester to a group) in a reversible manner. Write · Medium create_analytics_report_request This tool creates a new analytics report request, which is a reversible data modification operation. Write · High create_app_store_version This tool creates a new app store version, which is a reversible write operation that modifies app metadata and release state.

8 of App Store Connect's 27 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control App Store Connect

PolicyLayer is an MCP gateway — it sits between your AI agents and App Store Connect, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "remove_tester_from_group": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_tester_to_group": {
    "limits": [
      {
        "counter": "add_tester_to_group_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "download_analytics_report_segment": {
    "limits": [
      {
        "counter": "download_analytics_report_segment_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register App Store Connect — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON APP STORE CONNECT →

Free to start. No card required.

FULL CATALOGUE

All 27 App Store Connect tools

DESTRUCTIVE 1 tools
Destructive remove_tester_from_group Remove a tester from a beta group
WRITE 7 tools
Write add_tester_to_group Add a new tester to a beta group Write create_analytics_report_request Create a new analytics report request for an app Write create_app_store_version Create a new app store version for an app Write create_bundle_id Register a new bundle ID for app development Write disable_bundle_capability Disable a capability for a bundle ID Write enable_bundle_capability Enable a capability for a bundle ID Write update_app_store_version_localization Update a specific field in an app store version localization
READ 19 tools
Read download_analytics_report_segment Download data from an analytics report segment URL Read download_finance_report Download finance reports for a specific region Read download_sales_report Download sales and trends reports Read get_app_info Get detailed information about a specific app Read get_app_store_version_localization Get detailed information about a specific app store version localization Read get_beta_feedback_screenshot Get detailed information about a specific beta feedback screenshot submission. By default, downloads and retur Read get_bundle_id_info Get detailed information about a specific bundle ID Read list_analytics_report_segments Get segments for a specific analytics report (contains download URLs) Read list_analytics_reports Get available analytics reports for a specific report request Read list_app_store_version_localizations Get all localizations for a specific app store version Read list_app_store_versions Get all app store versions for a specific app Read list_apps Get a list of all apps in App Store Connect Read list_beta_feedback_screenshots List all beta feedback screenshot submissions for an app. This includes feedback with screenshots, device info Read list_beta_groups Get a list of all beta groups (internal and external) Read list_bundle_ids Find and list bundle IDs that are registered to your team Read list_devices Get a list of all devices registered to your team Read list_group_testers Get a list of all testers in a specific beta group Read list_schemes List all available schemes in an Xcode project or workspace Read list_users Get a list of all users registered on your App Store Connect team
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about App Store Connect

Can an AI agent delete data through the App Store Connect MCP server? +

Yes. The App Store Connect server exposes 1 destructive tools including remove_tester_from_group. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through App Store Connect? +

The App Store Connect server has 7 write tools including add_tester_to_group, create_analytics_report_request, create_app_store_version. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach App Store Connect.

How many tools does the App Store Connect MCP server expose? +

27 tools across 3 categories: Destructive, Read, Write. 19 are read-only. 8 can modify, create, or delete data.

How do I enforce a policy on App Store Connect? +

Register the App Store Connect MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every App Store Connect tool call.

Deterministic rules across all 27 App Store Connect tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON APP STORE CONNECT →

Free to start. No card required.

27 App Store Connect tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.