// SCAN REPORT

Mcp Erpnext

120 tools. 32 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

32 can modify or destroy data
88 read-only
120 tools total
// TOOL MAP
Read (88) Write / Execute (29) Destructive / Financial (3)
// WHAT CAN GO WRONG

Destructive tools (erpnext_doc_cancel, erpnext_doc_delete, erpnext_sales_order_cancel) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (erpnext_asset_create, erpnext_company_create, erpnext_customer_create) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

One command. Full control.

Intercept sits between your agent and Mcp Erpnext. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @casys/mcp-erpnext
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
erpnext_doc_cancel:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
erpnext_asset_create:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
erpnext_account_list:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 120 MCP ERPNEXT TOOLS
DESTRUCTIVE 3 tools
Destructive erpnext_doc_cancel Destructive erpnext_doc_delete Destructive erpnext_sales_order_cancel
WRITE 29 tools
Write erpnext_asset_create Write erpnext_company_create Write erpnext_customer_create Write erpnext_customer_update Write erpnext_delivery_note_create Write erpnext_doc_create Write erpnext_doc_submit Write erpnext_doc_update Write erpnext_expense_claim_create Write erpnext_item_create Write erpnext_item_update Write erpnext_journal_entry_create Write erpnext_kanban_move_card Write erpnext_lead_create Write erpnext_leave_application_create Write erpnext_project_create Write erpnext_purchase_order_create Write erpnext_quotation_create Write erpnext_revenue_trend Write erpnext_sales_invoice_create Write erpnext_sales_invoice_submit Write erpnext_sales_order_create Write erpnext_sales_order_submit Write erpnext_sales_order_update Write erpnext_stock_entry_create Write erpnext_supplier_create Write erpnext_task_create Write erpnext_task_update Write erpnext_work_order_create
READ 88 tools
Read erpnext_account_list Read erpnext_ar_aging Read erpnext_asset_category_list Read erpnext_asset_get Read erpnext_asset_list Read erpnext_asset_maintenance_get Read erpnext_asset_maintenance_list Read erpnext_asset_movement_get Read erpnext_asset_movement_list Read erpnext_attendance_list Read erpnext_bom_get Read erpnext_bom_list Read erpnext_campaign_list Read erpnext_company_list Read erpnext_contact_get Read erpnext_contact_list Read erpnext_customer_get Read erpnext_customer_list Read erpnext_delivery_note_get Read erpnext_delivery_note_list Read erpnext_doc_get Read erpnext_doc_list Read erpnext_employee_get Read erpnext_employee_list Read erpnext_expense_claim_list Read erpnext_gross_profit Read erpnext_item_get Read erpnext_item_list Read erpnext_job_card_get Read erpnext_job_card_list Read erpnext_journal_entry_get Read erpnext_journal_entry_list Read erpnext_kanban_get_board Read erpnext_kpi_gross_margin Read erpnext_kpi_orders Read erpnext_kpi_outstanding Read erpnext_kpi_overdue Read erpnext_kpi_revenue Read erpnext_lead_get Read erpnext_lead_list Read erpnext_leave_application_get Read erpnext_leave_application_list Read erpnext_leave_balance Read erpnext_opportunity_get Read erpnext_opportunity_list Read erpnext_order_breakdown Read erpnext_payment_entry_get Read erpnext_payment_entry_list Read erpnext_payroll_entry_list Read erpnext_price_vs_qty Read erpnext_product_radar Read erpnext_profit_loss Read erpnext_project_get Read erpnext_project_list Read erpnext_purchase_invoice_get Read erpnext_purchase_invoice_list Read erpnext_purchase_order_get Read erpnext_purchase_order_list Read erpnext_purchase_receipt_get Read erpnext_purchase_receipt_list Read erpnext_quotation_get Read erpnext_quotation_list Read erpnext_revenue_vs_orders Read erpnext_salary_slip_get Read erpnext_salary_slip_list Read erpnext_sales_chart Read erpnext_sales_funnel Read erpnext_sales_invoice_get Read erpnext_sales_invoice_list Read erpnext_sales_order_get Read erpnext_sales_order_list Read erpnext_shipment_get Read erpnext_shipment_list Read erpnext_stock_balance Read erpnext_stock_chart Read erpnext_stock_entry_get Read erpnext_stock_entry_list Read erpnext_stock_treemap Read erpnext_supplier_get Read erpnext_supplier_list Read erpnext_supplier_quotation_list Read erpnext_task_get Read erpnext_task_list Read erpnext_timesheet_get Read erpnext_timesheet_list Read erpnext_warehouse_list Read erpnext_work_order_get Read erpnext_work_order_list
// FAQ
Can an AI agent delete data through the Mcp Erpnext MCP server? +

Yes. The Mcp Erpnext server exposes 3 destructive tools including erpnext_doc_cancel, erpnext_doc_delete, erpnext_sales_order_cancel. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mcp Erpnext? +

The Mcp Erpnext server has 29 write tools including erpnext_asset_create, erpnext_company_create, erpnext_customer_create. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Mcp Erpnext MCP server expose? +

120 tools across 3 categories: Destructive, Read, Write. 88 are read-only. 32 can modify, create, or delete data.

How do I add Intercept to my Mcp Erpnext setup? +

One line change. Instead of running the Mcp Erpnext server directly, prefix it with Intercept: intercept -c mcp-erpnext.yaml -- npx -y @@casys/mcp-erpnext. Download a pre-built policy from policylayer.com/policies/mcp-erpnext and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
admin
Aibtc 288 tools
admin
Google Super 200 tools
admin
Trello 200 tools
admin
Propresenter 177 tools
admin
Leaper Vision Toolkit 169 tools
admin
Apiosk 160 tools
admin
Mcp Sitecore 153 tools
admin
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.