// SCAN REPORT

Kernel MCP Server

16 tools. 15 can modify or destroy data without limits.

15 write tools that can modify data. Rate limits recommended.

Last updated: 11 Jun 2026

15 can modify or destroy data

1 read-only

16 tools total

Community server · catalogue entry verified 11/06/2026

How to control Kernel MCP Server ↓

TOOL MAP

What Kernel MCP Server exposes to your agents

Read (1) Write / Execute (15) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

High Risk

The most dangerous Kernel MCP Server tools

Execute · High computer_action This tool executes arbitrary browser and computer actions (clicks, typing, key presses, clipboard writes, CLI reads) whose effects depend entirely on the arguments provided. Execute · Critical exec_command This tool allows running arbitrary shell commands within a browser VM, making it Execute (not Read) because it can trigger any external operation or side effect depending on arguments. Execute · High execute_playwright_code The tool runs user-supplied automation code in a browser context, which constitutes code execution. Execute · High browser_curl This tool executes HTTP requests via a browser session, which constitutes an external operation with effects that depend on the arguments (method, URL, headers, body).

15 of Kernel MCP Server's 16 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Kernel MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Kernel MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations

{
  "manage_api_keys": {
    "limits": [
      {
        "counter": "manage_api_keys_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "search_docs": {
    "limits": [
      {
        "counter": "search_docs_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Kernel MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON KERNEL →

Free to start. No card required.

FULL CATALOGUE

All 16 Kernel MCP Server tools

EXECUTE 7 tools

Execute computer_action Execute computer actions on a browser session. Pass a single action for simple operations (e.g. one click or o Execute exec_command Execute a command synchronously inside a browser VM. Returns stdout, stderr, and exit code. The command field Execute execute_playwright_code Execute Playwright/TypeScript automation code against a Kernel browser session. If session_id is provided, use Execute browser_curl Send an HTTP request through an existing Kernel browser session Execute manage_apps Manage Kernel apps, deployments, and invocations. Use Execute manage_browser_pools Manage pools of pre-warmed browser instances for fast acquisition. Use Execute manage_browsers Manage browser sessions in the Kernel platform. Use action

WRITE 8 tools

Write manage_api_keys Manage Kernel API keys. Use Write manage_auth_connections Manage Kernel managed auth connections for keeping a profile logged into a third-party site. Use Write manage_credential_providers Manage external credential providers (e.g. 1Password). Write manage_credentials Manage credentials stored in Kernel for managed auth. Write manage_extensions Manage browser extensions uploaded to your organization. Use Write manage_profiles Manage browser profiles that persist cookies, logins, and session data across browser sessions. Use action Write manage_projects Manage Kernel projects for resource isolation within an organization. Use Write manage_proxies Manage proxy configurations for routing browser traffic. Use

READ 1 tools

Read search_docs Search Kernel platform documentation for guides, tutorials, and API references. Use when you need to understan

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Kernel MCP Server

How do I prevent bulk modifications through Kernel MCP Server? +

The Kernel MCP Server server has 8 write tools including manage_api_keys, manage_auth_connections, manage_credential_providers. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Kernel MCP Server.

How many tools does the Kernel MCP Server MCP server expose? +

16 tools across 3 categories: Execute, Read, Write. 1 are read-only. 15 can modify, create, or delete data.

How do I enforce a policy on Kernel MCP Server? +

Register the Kernel MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kernel MCP Server tool call.

Deterministic rules across all 16 Kernel MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON KERNEL →

Free to start. No card required.

16 Kernel MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.