// SCAN REPORT

Mcp Erpnext

120 tools. 32 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

32 can modify or destroy data
88 read-only
120 tools total

32 Mcp Erpnext tools can modify or destroy data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE MCP ERPNEXT →

Free to start. No card required.

TOOL MAP

Read (88) Write / Execute (29) Destructive / Financial (3)

CONTEXT-WINDOW COST

14,090 tokens of tool definitions, loaded on every request
7.0% of a 200k context window
311 heaviest tool: erpnext_sales_invoice_create

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Destructive tools (erpnext_doc_cancel, erpnext_doc_delete, erpnext_sales_order_cancel) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (erpnext_asset_create, erpnext_company_create, erpnext_customer_create) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

RECOMMENDED RULES

Deny destructive operations
{
  "erpnext_doc_cancel": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "erpnext_asset_create": {
    "limits": [
      {
        "counter": "erpnext_asset_create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "erpnext_account_list": {
    "limits": [
      {
        "counter": "erpnext_account_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Get this policy live on your own Mcp Erpnext server in minutes. Tune the limits to your setup; PolicyLayer enforces it on every call.

ENFORCE ON MY MCP ERPNEXT →

ALL 120 MCP ERPNEXT TOOLS

DESTRUCTIVE 3 tools
Destructive erpnext_doc_cancel Destructive erpnext_doc_delete Destructive erpnext_sales_order_cancel
WRITE 29 tools
Write erpnext_asset_create Write erpnext_company_create Write erpnext_customer_create Write erpnext_customer_update Write erpnext_delivery_note_create Write erpnext_doc_create Write erpnext_doc_submit Write erpnext_doc_update Write erpnext_expense_claim_create Write erpnext_item_create Write erpnext_item_update Write erpnext_journal_entry_create Write erpnext_kanban_move_card Write erpnext_lead_create Write erpnext_leave_application_create Write erpnext_project_create Write erpnext_purchase_order_create Write erpnext_quotation_create Write erpnext_revenue_trend Write erpnext_sales_invoice_create Write erpnext_sales_invoice_submit Write erpnext_sales_order_create Write erpnext_sales_order_submit Write erpnext_sales_order_update Write erpnext_stock_entry_create Write erpnext_supplier_create Write erpnext_task_create Write erpnext_task_update Write erpnext_work_order_create
READ 88 tools
Read erpnext_account_list Read erpnext_ar_aging Read erpnext_asset_category_list Read erpnext_asset_get Read erpnext_asset_list Read erpnext_asset_maintenance_get Read erpnext_asset_maintenance_list Read erpnext_asset_movement_get Read erpnext_asset_movement_list Read erpnext_attendance_list Read erpnext_bom_get Read erpnext_bom_list Read erpnext_campaign_list Read erpnext_company_list Read erpnext_contact_get Read erpnext_contact_list Read erpnext_customer_get Read erpnext_customer_list Read erpnext_delivery_note_get Read erpnext_delivery_note_list Read erpnext_doc_get Read erpnext_doc_list Read erpnext_employee_get Read erpnext_employee_list Read erpnext_expense_claim_list Read erpnext_gross_profit Read erpnext_item_get Read erpnext_item_list Read erpnext_job_card_get Read erpnext_job_card_list Read erpnext_journal_entry_get Read erpnext_journal_entry_list Read erpnext_kanban_get_board Read erpnext_kpi_gross_margin Read erpnext_kpi_orders Read erpnext_kpi_outstanding Read erpnext_kpi_overdue Read erpnext_kpi_revenue Read erpnext_lead_get Read erpnext_lead_list Read erpnext_leave_application_get Read erpnext_leave_application_list Read erpnext_leave_balance Read erpnext_opportunity_get Read erpnext_opportunity_list Read erpnext_order_breakdown Read erpnext_payment_entry_get Read erpnext_payment_entry_list Read erpnext_payroll_entry_list Read erpnext_price_vs_qty Read erpnext_product_radar Read erpnext_profit_loss Read erpnext_project_get Read erpnext_project_list Read erpnext_purchase_invoice_get Read erpnext_purchase_invoice_list Read erpnext_purchase_order_get Read erpnext_purchase_order_list Read erpnext_purchase_receipt_get Read erpnext_purchase_receipt_list Read erpnext_quotation_get Read erpnext_quotation_list Read erpnext_revenue_vs_orders Read erpnext_salary_slip_get Read erpnext_salary_slip_list Read erpnext_sales_chart Read erpnext_sales_funnel Read erpnext_sales_invoice_get Read erpnext_sales_invoice_list Read erpnext_sales_order_get Read erpnext_sales_order_list Read erpnext_shipment_get Read erpnext_shipment_list Read erpnext_stock_balance Read erpnext_stock_chart Read erpnext_stock_entry_get Read erpnext_stock_entry_list Read erpnext_stock_treemap Read erpnext_supplier_get Read erpnext_supplier_list Read erpnext_supplier_quotation_list Read erpnext_task_get Read erpnext_task_list Read erpnext_timesheet_get Read erpnext_timesheet_list Read erpnext_warehouse_list Read erpnext_work_order_get Read erpnext_work_order_list

FAQ

Can an AI agent delete data through the Mcp Erpnext MCP server? +

Yes. The Mcp Erpnext server exposes 3 destructive tools including erpnext_doc_cancel, erpnext_doc_delete, erpnext_sales_order_cancel. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mcp Erpnext? +

The Mcp Erpnext server has 29 write tools including erpnext_asset_create, erpnext_company_create, erpnext_customer_create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mcp Erpnext.

How many tools does the Mcp Erpnext MCP server expose? +

120 tools across 3 categories: Destructive, Read, Write. 88 are read-only. 32 can modify, create, or delete data.

How do I enforce a policy on Mcp Erpnext? +

Register the Mcp Erpnext MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Nodebench 724 tools
admin
AdButler 622 tools
admin
UnClick 451 tools
admin
NowAIKit — ServiceNow AI Toolkit 446 tools
admin
0nmcp 407 tools
admin
ServiceNow MCP Server 384 tools
admin
TheProtocol — Sovereign AI Agent Platform 380 tools
admin
Aibtc 327 tools
admin

Enforce policy on every Mcp Erpnext tool call.

Deterministic rules across all 120 Mcp Erpnext tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE MCP ERPNEXT →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.