// SCAN REPORT

brainMD

17 tools. 2 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

Last updated:

2 can modify or destroy data
15 read-only
17 tools total

Community server · catalogue entry verified 11/06/2026

How to control brainMD ↓

TOOL MAP

What brainMD exposes to your agents

Read (15) Write / Execute (2) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous brainMD tools

Write · Medium write_note This tool creates or modifies data (markdown notes) but does not permanently delete or destroy data. Write · Medium append_note This tool modifies an existing note by appending content to it.

2 of brainMD's 17 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control brainMD

PolicyLayer is an MCP gateway — it sits between your AI agents and brainMD, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "append_note": {
    "limits": [
      {
        "counter": "append_note_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "compare_notes": {
    "limits": [
      {
        "counter": "compare_notes_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register brainMD — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BRAINMD →

Free to start. No card required.

FULL CATALOGUE

All 17 brainMD tools

WRITE 2 tools
Write append_note Append a paragraph to an existing note (ensures a blank-line separator). Write write_note Create or overwrite a note. Content is full body.
READ 15 tools
Read compare_notes Compare two notes: cosine similarity of intros + naive unified diff + shared headings. Read context_for_query Pack top-relevant chunks into a markdown context block under a token budget. Returns text + sources + truncate Read current_datetime Server Read find_orphans Notes with zero backlinks AND low semantic neighbours (isolation = 1 - max cosine). Read find_related Notes semantically close to a given note path (excludes self). Optional Read find_similar_tasks Semantic search across task lines (- [ ] / - [x]). Filter open/done/all. Read get_backlinks Backlinks for a given note path. Read get_tasks Aggregate tasks vault-wide. Read list_notes List all notes (and folders) in the vault. Read list_tags All tags in the vault with usage counts. Read read_note Read a single note. Returns content + mtime. Read search_notes Full-text search across the vault. Returns top 50 hits. Optional Read semantic_outline Cluster a note Read similar_notes Semantic (vector) search via RAG. Returns top-k chunks with paths and snippets. Optional Read weekly_digest Topic clusters across notes modified in a recent window (e.g.
FAQ

Questions about brainMD

How do I prevent bulk modifications through brainMD? +

The brainMD server has 2 write tools including append_note, write_note. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach brainMD.

How many tools does the brainMD MCP server expose? +

17 tools across 2 categories: Read, Write. 15 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on brainMD? +

Register the brainMD MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every brainMD tool call.

Deterministic rules across all 17 brainMD tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON BRAINMD →

Free to start. No card required.

17 brainMD tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.