// SCAN REPORT

MLflow MCP Server

40 tools. 13 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

13 can modify or destroy data
27 read-only
40 tools total

Community server · catalogue entry verified 12/06/2026

How to control MLflow MCP Server ↓

TOOL MAP

What MLflow MCP Server exposes to your agents

Read (27) Write / Execute (8) Destructive / Financial (5)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous MLflow MCP Server tools

Destructive · High delete_registered_model This tool irreversibly deletes data (a registered model and all its versions, aliases, and tags) and cannot be undone. Destructive · High delete_experiment The tool irreversibly removes an experiment and all associated runs from normal access, hiding them from UI and queries. Destructive · High delete_model_alias Although the model version itself persists, the alias deletion is irreversible and would cause immediate operational impact if misused—e.g., removing a 'champion' alias could break downstream systems relying on that alia Destructive · High delete_model_version This tool irreversibly deletes a model version and its associated metadata, with no recovery option.

13 of MLflow MCP Server's 40 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MLflow MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and MLflow MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_experiment": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "transition_model_version_stage": {
    "limits": [
      {
        "counter": "transition_model_version_stage_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "compare_runs": {
    "limits": [
      {
        "counter": "compare_runs_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MLflow MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MLFLOW →

Free to start. No card required.

FULL CATALOGUE

All 40 MLflow MCP Server tools

DESTRUCTIVE 5 tools
Destructive delete_experiment Delete an experiment and all its runs. Moves to the 'deleted' lifecycle stage — not shown in UI or queries, bu Destructive delete_model_alias Remove an alias from a registered model (e.g. revoke 'champion'). The alias is permanently removed; the model Destructive delete_model_version Delete a specific model version from the registry. Irreversible — the version and its metadata cannot be recov Destructive delete_registered_model Delete an entire registered model and all its versions. Irreversible — all versions, aliases, and tags are per Destructive delete_run Delete a run. Moves it to the 'deleted' lifecycle stage — not shown in UI or queries, but recoverable via the
WRITE 8 tools
Write transition_model_version_stage transition_model_version_stage Write copy_model_version copy_model_version Write register_model register_model Write set_experiment_tag Set a tag on an experiment. Write set_model_alias set_model_alias Write set_registered_model_tag Set a tag on a registered model (e.g. problem_type, team, framework). Write set_run_tag Set a tag on a run (e.g. annotate best model, flag for review). Write update_model_version Update the description of a model version.
READ 27 tools
Read compare_runs Compare runs side-by-side with full metrics and params. Runs can be large — keep the list short. Read get_artifact_content Read and return artifact content (for text/json files) Read get_best_run Get the best run by a specific metric (e.g., highest accuracy, lowest loss). Works with metrics containing spe Read get_experiment_by_name Get experiment details by name (more convenient than ID) Read get_experiment_metrics Get all unique metric names used across all runs in an experiment Read get_experiment_params Get all unique parameter names used across all runs in an experiment Read get_experiment_tags Get all unique tag keys used across all runs in an experiment Read get_experiments Get all experiments Read get_latest_versions Get latest model versions for each stage (e.g. 'Staging', 'Production'). Read get_logged_model Get detailed information about a specific logged model by its ID. Read get_model_version Get specific model version details (metrics, stage, run_id) Read get_model_version_by_alias Get a model version by its alias (e.g. 'champion', 'production'). Read get_model_versions Get all versions of a registered model Read get_parent_run Get the parent run of a nested run. Returns None if the run has no parent. Read get_registered_model Get full details of a registered model including all versions and aliases. Can be large for models with many v Read get_registered_models List all registered models in the model registry Read get_run Get detailed information about a specific run. Run data can be large — avoid fetching many runs at once. Read get_run_artifact Download and return the local path to a specific artifact Read get_run_artifacts List artifacts for a specific run. Use 'path' to browse into directories (e.g., 'configs') Read get_run_metric Get the full history of a specific metric for a run Read get_run_metrics Get all metrics for a specific run with their latest values Read get_runs get_runs Read health Check MLflow server health and connectivity Read query_runs query_runs Read search_experiments search_experiments Read search_logged_models search_logged_models Read search_runs_by_tags Find runs with specific tags (e.g., {'team': 'nlp', 'production': 'true'}). Runs can be large — use wise limit
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
admin
Mcp Afip 1300 tools
admin
Mcp Ap2 1300 tools
admin
BNB Chain MCP 1240 tools
admin
Nodebench 824 tools
admin
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
admin
Amazon Data Processing MCP Server 805 tools
admin
Amazon ECS MCP Server 805 tools
admin
FAQ

Questions about MLflow MCP Server

Can an AI agent delete data through the MLflow MCP Server MCP server? +

Yes. The MLflow MCP Server server exposes 5 destructive tools including delete_experiment, delete_model_alias, delete_model_version. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MLflow MCP Server? +

The MLflow MCP Server server has 8 write tools including transition_model_version_stage, copy_model_version, register_model. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MLflow MCP Server.

How many tools does the MLflow MCP Server MCP server expose? +

40 tools across 3 categories: Destructive, Read, Write. 27 are read-only. 13 can modify, create, or delete data.

How do I enforce a policy on MLflow MCP Server? +

Register the MLflow MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MLflow MCP Server tool call.

Deterministic rules across all 40 MLflow MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MLFLOW →

Free to start. No card required.

40 MLflow MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.