// SCAN REPORT

Dap

14 tools. 11 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

11 can modify or destroy data

3 read-only

14 tools total

Community server · catalogue entry verified 11/06/2026

How to control Dap ↓

TOOL MAP

What Dap exposes to your agents

Read (3) Write / Execute (9) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Dap tools

Destructive · Medium remove_all_breakpoints This tool irreversibly removes all breakpoints at once, which is a bulk destructive operation that cannot be easily undone (breakpoints would need to be manually re-added). Destructive · High terminate Terminating a debugging session is an irreversible action that ends the running process and destroys the session state. Execute · High launch Launching a debuggee program is an execute action that triggers external code execution. Execute · Medium change_frame This tool modifies the active state of a debugging session by switching the current call stack frame.

11 of Dap's 14 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Dap

PolicyLayer is an MCP gateway — it sits between your AI agents and Dap, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "remove_all_breakpoints": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "remove_breakpoint": {
    "limits": [
      {
        "counter": "remove_breakpoint_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "get_launch_config": {
    "limits": [
      {
        "counter": "get_launch_config_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Dap — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON DAP →

Free to start. No card required.

FULL CATALOGUE

All 14 Dap tools

DESTRUCTIVE 2 tools

Destructive remove_all_breakpoints Remove all breakpoints currently set in the debugger. Destructive terminate Terminate the current debugging session.

EXECUTE 7 tools

Execute launch Launch the debuggee program. Set breakpoints before launching if necessary. Execute change_frame Change the current debugging frame to the specified frame ID. Execute continue_execution Continue execution in the debugger after hitting a breakpoint. Execute evaluate Evaluate an expression in the current debugging context. Execute next Step over to the next line of code in the debugger. Execute step_in Step into the function call in the debugger. Execute step_out Step out of the current function in the debugger.

WRITE 2 tools

Write remove_breakpoint Remove a breakpoint from the specified file and line. Write set_breakpoint Set a breakpoint at the specified file and line with an optional condition.

READ 3 tools

Read get_launch_config Returns the user provided launch configuration along with its detailed schema for a DAP-compatible debugger. T Read list_all_breakpoints List all breakpoints currently set in the debugger. Read view_file_around_line Returns the lines of source code and the source code around the specified line. You should ALWAYS prefer this

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Dap

Can an AI agent delete data through the Dap MCP server? +

Yes. The Dap server exposes 2 destructive tools including remove_all_breakpoints, terminate. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Dap? +

The Dap server has 2 write tools including remove_breakpoint, set_breakpoint. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Dap.

How many tools does the Dap MCP server expose? +

14 tools across 4 categories: Destructive, Execute, Read, Write. 3 are read-only. 11 can modify, create, or delete data.

How do I enforce a policy on Dap? +

Register the Dap MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Dap tool call.

Deterministic rules across all 14 Dap tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON DAP →

Free to start. No card required.

14 Dap tools catalogued and risk-classified — across an index of 43,000+ MCP servers.