Universal Mcp Toolkit

64 tools. 12 can modify or destroy data without limits.

12 write tools that can modify data. Rate limits recommended.

Last updated:

12 can modify or destroy data
52 read-only
64 tools total

Community server · catalogue entry verified 29/06/2026

How to control Universal Mcp Toolkit ↓

What Universal Mcp Toolkit exposes to your agents

Read (52) Write / Execute (12) Destructive / Financial (0)
High Risk

The most dangerous Universal Mcp Toolkit tools

12 of Universal Mcp Toolkit's 64 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Universal Mcp Toolkit

PolicyLayer is an MCP gateway — it sits between your AI agents and Universal Mcp Toolkit, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "comment_on_issue": {
    "limits": [
      {
        "counter": "comment_on_issue_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "currently-playing": {
    "limits": [
      {
        "counter": "currently-playing_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Universal Mcp Toolkit — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON UNIVERSAL MCP TOOLKIT →

Instant setup, no code required.

All 64 Universal Mcp Toolkit tools

READ 52 tools
Read currently-playing Return the current Spotify playback state and active track, if any. Read describe-table Inspect columns and constraints for a PostgreSQL table. Read export-file Export a Google Workspace document to text or another target MIME type. Read find-documents Find documents in a MongoDB collection using a JSON filter and projection. Read get_best_stories Fetches Hacker News beststories ranking from the public Firebase API and returns summaries, unlike get_top_sto Read get_deployment Fetch details for a specific Vercel deployment. Read get_file_contents Read a file from a GitHub repository at an optional ref and return decoded contents with file metadata. Read get_issue Fetch a Jira issue with normalized fields, description text, and comments. Read get_item_thread Fetches one Hacker News item by numeric itemId and expands its nested comment tree, unlike story-list tools or Read get_new_stories Fetches Hacker News newest stories from the Firebase newstories ranking and returns summaries, unlike get_top_ Read get_package_metadata Fetch npm registry metadata for a specific package. Read get_paper Fetch a specific arXiv paper by identifier. Read get_pull_request Fetch a pull request with mergeability, reviewer, and diff summary details. Read get_top_stories Fetches the current Hacker News front-page/topstories ranking from the public Firebase API and returns story s Read get_worker Fetch Cloudflare Worker settings for a specific script. Read get-file-metadata Fetch metadata, ownership, and links for a specific Google Drive file. Read get-invoice Fetch a Stripe invoice with line-item details and billing links. Read get-key Fetch a Redis key with type-aware decoding and TTL metadata. Read get-page Retrieve a Notion page, its properties, and an optional excerpt of top-level content blocks. Read inspect_container Inspect an individual Docker container. Read inspect-server-info Read INFO output from Redis and parse it into name/value pairs. Read list_commits List recent commits for a repository with an optional branch or commitish selector. Read list_containers List Docker containers running on the current daemon. Read list_deployments List recent Vercel deployments, optionally scoped to a project. Read list_files List files under an allowlisted root directory. Read list_images List Docker images available on the current daemon. Read list_issues List repository issues with optional state, label, and assignee filters. Read list_package_versions List recent versions and dist-tags for a package in the npm registry. Read list_projects List Vercel projects that the current token can access. Read list_recent_papers List the most recent papers for an arXiv category. Read list_releases List repository releases with tag, draft, prerelease, publication, URL, and body details. Read list_routes List routes attached to Cloudflare Workers in the account. Read list_workers List worker scripts in the configured Cloudflare account. Read list_workflow_runs List recent GitHub Actions workflow runs for a repository with optional branch and status filters. Read list-calendars List accessible Google Calendars, including primary and shared calendars. Read list-collections List collections in a MongoDB database with optional prefix filtering. Read list-customers List Stripe customers, optionally filtered by email address. Read list-events List events from a Google Calendar within an optional time window. Read list-playlists List the authenticated Spotify user Read list-storage-buckets List storage buckets available in the configured Supabase project. Read list-subscriptions List Stripe subscriptions, optionally for a single customer. Read list-tables List tables and views visible to the configured PostgreSQL connection. Read query-table Query a Supabase table with select, filters, ordering, and row limits. Read read_file Read a file from an allowlisted root. Read search_issues Search Jira issues with JQL or structured filters and return normalized issue summaries. Read search_packages Search the npm registry for packages matching a text query. Read search_papers Search arXiv papers by keyword or phrase. Read search_repositories Search public or private repositories visible to the configured GitHub token. Read search_stories Searches Hacker News stories by keyword via the public Algolia HN API and returns summaries ranked by Algolia Read search-files Search Google Drive files by text query and optional MIME type. Read search-pages Search Notion pages by title and indexed content with cursor-based pagination. Read search-tracks Search Spotify tracks by query string.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Universal Mcp Toolkit

How do I prevent bulk modifications through Universal Mcp Toolkit? +

The Universal Mcp Toolkit server has 9 write tools including comment_on_issue, create_issue, create_or_update_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Universal Mcp Toolkit.

How many tools does the Universal Mcp Toolkit MCP server expose? +

64 tools across 3 categories: Execute, Read, Write. 52 are read-only. 12 can modify, create, or delete data.

How do I enforce a policy on Universal Mcp Toolkit? +

Register the Universal Mcp Toolkit MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Universal Mcp Toolkit tool call.

Deterministic rules across all 64 Universal Mcp Toolkit tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

64 Universal Mcp Toolkit tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.