// SCAN REPORT

Agent Orchestration

35 tools. 19 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
16 read-only
35 tools total

Community server · catalogue entry verified 12/06/2026

How to control Agent Orchestration ↓

TOOL MAP

What Agent Orchestration exposes to your agents

Read (16) Write / Execute (17) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Agent Orchestration tools

Destructive · High memory_delete This tool irreversibly deletes data from shared memory used by multiple AI agents for coordination. Destructive · Medium agent_unregister Unregistering an agent permanently removes it from the coordination system and releases all its held locks. Execute · Medium bootstrap While nominally descriptive, bootstrap operations trigger registration and session activation which constitute controlled executions. Execute · Medium lock_acquire Acquiring a lock is an operation that triggers an external coordination mechanism — it modifies shared state (the lock registry) and can block or disrupt other agents/processes from accessing a resource.

19 of Agent Orchestration's 35 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Agent Orchestration

PolicyLayer is an MCP gateway — it sits between your AI agents and Agent Orchestration, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "memory_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "claim_todo": {
    "limits": [
      {
        "counter": "claim_todo_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "agent_list": {
    "limits": [
      {
        "counter": "agent_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Agent Orchestration — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON AGENT ORCHESTRATION →

Free to start. No card required.

FULL CATALOGUE

All 35 Agent Orchestration tools

DESTRUCTIVE 2 tools
Destructive memory_delete Delete a value from shared memory. Destructive agent_unregister Unregister this agent and release all held locks. Call at the end of your session.
EXECUTE 3 tools
Execute bootstrap Initialize agent session: register (if needed), get current focus, pending tasks, and recent decisions. Call t Execute cursor_recover_task Recover a failed or stale delegated Cursor task by relaunching it with the latest shared context. Execute lock_acquire Acquire a lock on a resource to prevent concurrent access.
WRITE 14 tools
Write claim_todo FOR SUB-AGENTS: Register yourself AND claim a specific task in one call. Use this when you were spawned to wor Write cursor_delegate_task Delegate a task to Cursor CLI and store session metadata for later resume/sync. Write cursor_sync_task Refresh a delegated Cursor task, sync the latest provider status, and persist knowledge back into shared memor Write research_ready Mark research as complete for a task. Validates that all required research items are documented based on task Write task_claim Claim a task to work on it. Sets status to in_progress. Requires research to be complete for non-trivial tasks Write agent_heartbeat Send a heartbeat to indicate agent is still active. Call periodically during long operations. Write agent_register Register this agent with the orchestration system. Call this at the start of your session. Write cursor_handoff_task Write a structured handoff for a delegated Cursor task so the next agent can resume with shared context. Write lock_release Release a lock you are holding. Write memory_set Store a value in shared memory. Use namespaces to organize: context, decisions, findings, blockers. Write task_complete Mark a task as completed with optional output. Write task_create Create a new task in the task queue. Complexity is auto-detected from title/description but can be overridden. Write task_generate_doc Generate or refresh the Markdown documentation for a task using current orchestration state. Write task_update Update a task status or progress.
READ 16 tools
Read agent_list List all registered agents in the orchestration system. Read agent_whoami Get information about your current agent identity. Read coordination_status Get overall coordination status: active agents, pending tasks, held locks. Read cursor_check Check whether Cursor CLI is installed and which orchestration features are available. Read cursor_list_delegations List all tasks currently delegated to Cursor, including last known status and session metadata. Read cursor_task_status Show the latest health, recovery state, and hints for a delegated Cursor task. Read event_list List recent orchestration events (who did what, when). Useful for debugging coordination. Read is_my_turn Check if it Read memory_get Retrieve a value from shared memory. Read memory_list List all keys in a namespace. Read research_checklist Get the research checklist for a specific complexity level. Shows what needs to be documented before implement Read research_query Search past research findings across all tasks. Useful for finding relevant context from previous work. Read research_status Check research progress for a task. Shows what research is required, completed, and missing based on task comp Read task_list List tasks with optional filters. Read cursor_resume_task Return the Cursor resume command for a delegated task and refresh its last known status. Read lock_check Check if a resource is currently locked.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Agent Orchestration

Can an AI agent delete data through the Agent Orchestration MCP server? +

Yes. The Agent Orchestration server exposes 2 destructive tools including memory_delete, agent_unregister. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Agent Orchestration? +

The Agent Orchestration server has 14 write tools including claim_todo, cursor_delegate_task, cursor_sync_task. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Agent Orchestration.

How many tools does the Agent Orchestration MCP server expose? +

35 tools across 4 categories: Destructive, Execute, Read, Write. 16 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Agent Orchestration? +

Register the Agent Orchestration MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Agent Orchestration tool call.

Deterministic rules across all 35 Agent Orchestration tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON AGENT ORCHESTRATION →

Free to start. No card required.

35 Agent Orchestration tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.