// SCAN REPORT

Velociraptor MCP

28 tools. 2 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

Last updated:

2 can modify or destroy data
26 read-only
28 tools total

Community server · catalogue entry verified 11/06/2026

How to control Velociraptor MCP ↓

TOOL MAP

What Velociraptor MCP exposes to your agents

Read (26) Write / Execute (2) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Velociraptor MCP tools

Execute · High collect_forensic_triage This tool executes a triage collection process on a Windows client, which is a triggering action with effects determined by the Velociraptor platform's triage artifact definitions. Execute · High collect_artifact Velociraptor's 'collect_artifact' operation triggers active data collection on remote endpoints, executing forensic artifact collection jobs.

2 of Velociraptor MCP's 28 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Velociraptor MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Velociraptor MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "client_info": {
    "limits": [
      {
        "counter": "client_info_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Velociraptor MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON VELOCIRAPTOR →

Free to start. No card required.

FULL CATALOGUE

All 28 Velociraptor MCP tools

EXECUTE 2 tools
Execute collect_forensic_triage Start a Windows.Triage.Targets basic triage collection and return flow metadata. Args: client_id: Execute collect_artifact collect_artifact
READ 26 tools
Read client_info Retrieve client information from the Velociraptor server. Args: hostname: Hostname or FQDN of the Read get_collection_results get_collection_results Read linux_groups List groups on a Linux host. Args: client_id: The Velociraptor client ID. org_id: Opt Read linux_mounts List mounts on a Linux host. Args: client_id: The Velociraptor client ID. org_id: Opt Read linux_netstat_enriched List network connections (netstat) with process metadata on a Linux host. Args: client_id: Th Read linux_pslist List running processes on a Linux host. Args: client_id: The Velociraptor client ID. org_ Read linux_users List users on a Linux host. Args: client_id: The Velociraptor client ID. org_id: Opti Read list_linux_artifacts Finds Availible Linux artifacts. Read list_orgs List available Velociraptor orgs for multi-tenant deployments. Returns: A list of org metadata in Read list_windows_artifacts Finds Availible Windows artifacts. Generally paramaters that target filename regexs are more performant Read windows_evidence_of_download Collect evidence of download from a Windows host. Args: client_id: Velociraptor client ID. Read windows_execution_activitiesCache Evidence of execution from activitiesCache.db (windows timeline) of system activity on a Windows host. Ar Read windows_execution_amcache Collect evidence of execution from Amcache on a Windows host. Args: client_id: Velociraptor clien Read windows_execution_bam Extract evidence of execution from the BAM (Background Activity Moderator) registry key on a Windows host. Read windows_execution_prefetch Parse Prefetch files on a Windows host to identify previously executed programs. Args: client_id: Read windows_execution_shimcache Parse ShimCache (AppCompatCache) entries from the registry on a Windows host. Note: Presence of a Read windows_execution_userassist Extract evidence of execution from UserAssist registry keys. Args: client_id: Velociraptor client Read windows_mounted_mass_storage_usb Collect evidence of mounted mass storage from Registry on a Windows host. Args: client_id: Veloci Read windows_mountpoints2 Collect evidence of download from a Windows host. Args: client_id: Velociraptor client ID. Read windows_netstat_enriched List network connections (netstat) with process metadata on a Windows host. Args: client_id: Velo Read windows_ntfs_mft Search MFT for filename or path on a Windows machine. This is a forensic collection and may return many rows. Read windows_pslist List running processes on a Windows host. Args: client_id: Velociraptor client ID. org_id Read windows_recentdocs Collect RecentDocs from Registry on a Windows host. Args: client_id: Velociraptor client ID. Read windows_scheduled_tasks List scheduled tasks (persistance) with metadata on a Windows host Args: client_id: Velociraptor Read windows_services List services with metadata on a Windows host. Args: client_id: Velociraptor client ID. o Read windows_shellbags Collect Shellbags from Registry on a Windows host. Args: client_id: Velociraptor client ID.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Velociraptor MCP

Is the Velociraptor MCP server safe to use without restrictions? +

The Velociraptor MCP server is primarily read-only with 26 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Velociraptor MCP server expose? +

28 tools across 2 categories: Execute, Read. 26 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on Velociraptor MCP? +

Register the Velociraptor MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Velociraptor MCP tool call.

Deterministic rules across all 28 Velociraptor MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON VELOCIRAPTOR →

Free to start. No card required.

28 Velociraptor MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.