// SCAN REPORT

Loreto

13 tools. 3 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated: 11 Jun 2026

3 can modify or destroy data

10 read-only

13 tools total

Community server · catalogue entry verified 11/06/2026

How to control Loreto ↓

TOOL MAP

What Loreto exposes to your agents

Read (10) Write / Execute (2) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Loreto tools

Financial · Critical marketplace_purchase The name 'marketplace_purchase' indicates this tool completes a purchase/buy action on a marketplace, which constitutes a financial commitment. Write · Medium generate_skills Generates new skills (creates data structures/artifacts) that are stored and reusable, making it a Write operation. Write · Medium marketplace_publish The tool creates or modifies marketplace content (publishing a skill listing), which is reversible—listings can typically be unpublished or deleted.

3 of Loreto's 13 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Loreto

PolicyLayer is an MCP gateway — it sits between your AI agents and Loreto, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default

{
  "marketplace_purchase": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations

{
  "generate_skills": {
    "limits": [
      {
        "counter": "generate_skills_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "estimate_cost": {
    "limits": [
      {
        "counter": "estimate_cost_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Loreto — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON LORETO →

Free to start. No card required.

FULL CATALOGUE

All 13 Loreto tools

FINANCIAL 1 tools

Financial marketplace_purchase marketplace_purchase

WRITE 2 tools

Write generate_skills generate_skills Write marketplace_publish marketplace_publish

READ 10 tools

Read estimate_cost estimate_cost Read get_quota get_quota Read get_skill get_skill Read list_skills list_skills Read marketplace_get_listing marketplace_get_listing Read marketplace_library Skills you own — free ones you've acquired and paid ones you've purchased. Read marketplace_my_listings Your own marketplace listings (published + drafts) with their counts. Read marketplace_my_metrics Your seller metrics: total sales, downloads, skills listed, gross/net Read marketplace_search marketplace_search Read verify_artifacts verify_artifacts

FAQ

Questions about Loreto

Can an AI agent move money through the Loreto MCP server? +

Yes. The Loreto server exposes 1 financial tools including marketplace_purchase. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

How do I prevent bulk modifications through Loreto? +

The Loreto server has 2 write tools including generate_skills, marketplace_publish. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Loreto.

How many tools does the Loreto MCP server expose? +

13 tools across 2 categories: Read, Write. 10 are read-only. 3 can modify, create, or delete data.

How do I enforce a policy on Loreto? +

Register the Loreto MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Loreto tool call.

Deterministic rules across all 13 Loreto tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON LORETO →

Free to start. No card required.

13 Loreto tools catalogued and risk-classified — across an index of 43,000+ MCP servers.