// SCAN REPORT

SousChef

96 tools. 54 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

54 can modify or destroy data
42 read-only
96 tools total

Community server · catalogue entry verified 12/06/2026

How to control SousChef ↓

TOOL MAP

What SousChef exposes to your agents

Read (42) Write / Execute (47) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous SousChef tools

Destructive · High rollback_v2_migration The name suggests rolling back a v2 migration, which typically involves undoing changes made during a migration process. Execute · High deploy_v2_migration The tool name suggests triggering deployment of a migration (v2), which would execute infrastructure configuration changes. Execute · High parse_bash_script Parsing bash scripts in an infrastructure migration context typically involves code analysis that may execute or evaluate script content. Execute · High parse_powershell Parsing PowerShell code can involve executing or deeply inspecting script logic, which is an Execute-category action.

54 of SousChef's 96 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control SousChef

PolicyLayer is an MCP gateway — it sits between your AI agents and SousChef, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "rollback_v2_migration": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "assign_github_copilot_to_issue": {
    "limits": [
      {
        "counter": "assign_github_copilot_to_issue_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "parse_attributes": {
    "limits": [
      {
        "counter": "parse_attributes_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register SousChef — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SOUSCHEF →

Free to start. No card required.

FULL CATALOGUE

All 96 SousChef tools

DESTRUCTIVE 1 tools
Destructive rollback_v2_migration rollback_v2_migration
EXECUTE 15 tools
Execute deploy_v2_migration deploy_v2_migration Execute parse_bash_script parse_bash_script Execute parse_powershell parse_powershell Execute parse_template Parse a Chef ERB template file and convert to Jinja2. Execute start_v2_migration start_v2_migration Execute stop_github_copilot_agent stop_github_copilot_agent Execute query_salt_master query_salt_master Execute validate_v2_playbooks validate_v2_playbooks Execute convert_all_cookbooks_comprehensive convert_all_cookbooks_comprehensive Execute convert_bash_to_ansible convert_bash_to_ansible Execute convert_powershell convert_powershell Execute convert_puppet_manifest_to_ansible_with_ai convert_puppet_manifest_to_ansible_with_ai Execute convert_salt_to_ansible convert_salt_to_ansible Execute resume_github_copilot_agent resume_github_copilot_agent Execute simulate_chef_to_awx_migration simulate_chef_to_awx_migration
WRITE 32 tools
Write assign_github_copilot_to_issue assign_github_copilot_to_issue Write convert_chef_databag_to_vars convert_chef_databag_to_vars Write convert_chef_environment_to_inventory_group convert_chef_environment_to_inventory_group Write convert_chef_handler_to_ansible convert_chef_handler_to_ansible Write convert_cookbook_comprehensive convert_cookbook_comprehensive Write convert_inspec_to_test Convert InSpec controls to test framework format. Write convert_puppet_manifest_to_ansible convert_puppet_manifest_to_ansible Write convert_puppet_module_to_ansible convert_puppet_module_to_ansible Write convert_puppet_module_to_ansible_with_ai convert_puppet_module_to_ansible_with_ai Write convert_puppet_resource_to_task convert_puppet_resource_to_task Write convert_resource_to_task convert_resource_to_task Write convert_salt_directory_to_ansible convert_salt_directory_to_ansible Write convert_salt_pillar_to_vars convert_salt_pillar_to_vars Write convert_template_with_ai convert_template_with_ai Write generate_ansible_repository generate_ansible_repository Write generate_ansible_role_from_bash generate_ansible_role_from_bash Write generate_ansible_upgrade_test_plan generate_ansible_upgrade_test_plan Write generate_github_workflow_from_chef generate_github_workflow_from_chef Write generate_gitlab_ci_from_chef generate_gitlab_ci_from_chef Write generate_handler_routing_config generate_handler_routing_config Write generate_inspec_from_recipe Generate InSpec controls from a Chef recipe. Write generate_inventory_from_chef_environments generate_inventory_from_chef_environments Write generate_jenkinsfile_from_chef generate_jenkinsfile_from_chef Write generate_migration_plan generate_migration_plan Write generate_migration_report generate_migration_report Write generate_powershell_role generate_powershell_role Write generate_salt_inventory generate_salt_inventory Write generate_salt_migration_report generate_salt_migration_report Write generate_windows_inventory_tool generate_windows_inventory_tool Write generate_windows_requirements generate_windows_requirements Write import_offline_bundle Import an offline bundle of Chef cookbooks. Write import_puppet_catalog_to_ir Import a compiled Puppet catalog for a selected node into the IR.
READ 42 tools
Read parse_attributes parse_attributes Read parse_chef_handler parse_chef_handler Read parse_chef_migration_assessment parse_chef_migration_assessment Read parse_cookbook_metadata Parse Chef cookbook metadata.rb file and return as dictionary. Read parse_custom_resource Parse a Chef custom resource or LWRP file. Read parse_habitat_plan parse_habitat_plan Read parse_inspec_profile Parse an InSpec profile and extract controls. Read parse_puppet_manifest parse_puppet_manifest Read parse_puppet_module parse_puppet_module Read parse_recipe Parse a Chef recipe file and extract resources. Read parse_salt_directory parse_salt_directory Read parse_salt_pillar parse_salt_pillar Read parse_salt_sls parse_salt_sls Read parse_salt_top parse_salt_top Read profile_cookbook_performance profile_cookbook_performance Read analyse_chef_databag_usage analyse_chef_databag_usage Read analyse_chef_environment_usage analyse_chef_environment_usage Read analyse_chef_search_patterns Analyse Chef search patterns in recipe or cookbook. Read analyse_cookbook_dependencies analyse_cookbook_dependencies Read analyze_powershell_fidelity analyze_powershell_fidelity Read check_ansible_eol_status check_ansible_eol_status Read check_github_copilot_agent_status check_github_copilot_agent_status Read get_chef_cookbooks get_chef_cookbooks Read get_chef_environments get_chef_environments Read get_chef_nodes get_chef_nodes Read get_chef_policies get_chef_policies Read get_chef_roles get_chef_roles Read get_version_combination_info get_version_combination_info Read list_cookbook_structure List the structure of a Chef cookbook directory. Read list_directory List the contents of a directory. Read list_migration_version_combinations list_migration_version_combinations Read list_puppet_server_nodes List Puppet nodes available from a certificate-authenticated connector. Read list_puppet_supported_resource_types List all Puppet resource types that can be automatically converted to Ansible. Read query_chef_server query_chef_server Read read_cookbook_metadata Parse Chef cookbook metadata.rb file. Read read_file Read the contents of a file. Read validate_ansible_collection_compatibility validate_ansible_collection_compatibility Read validate_chef_server_connection validate_chef_server_connection Read validate_conversion validate_conversion Read assess_ansible_upgrade_readiness assess_ansible_upgrade_readiness Read assess_chef_migration_complexity assess_chef_migration_complexity Read assess_salt_migration_complexity assess_salt_migration_complexity
OTHER 6 tools
Other configure_migration_simulation configure_migration_simulation Other generate_powershell_job_template generate_powershell_job_template Other pause_github_copilot_agent pause_github_copilot_agent Other plan_ansible_upgrade plan_ansible_upgrade Other plan_salt_migration plan_salt_migration Other profile_parsing_operation profile_parsing_operation
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about SousChef

Can an AI agent delete data through the SousChef MCP server? +

Yes. The SousChef server exposes 1 destructive tools including rollback_v2_migration. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through SousChef? +

The SousChef server has 32 write tools including assign_github_copilot_to_issue, convert_chef_databag_to_vars, convert_chef_environment_to_inventory_group. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach SousChef.

How many tools does the SousChef MCP server expose? +

96 tools across 3 categories: Execute, Read, Write. 42 are read-only. 54 can modify, create, or delete data.

How do I enforce a policy on SousChef? +

Register the SousChef MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every SousChef tool call.

Deterministic rules across all 96 SousChef tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON SOUSCHEF →

Free to start. No card required.

96 SousChef tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.