// SCAN REPORT

Midnight Nextjs

35 tools. 14 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

14 can modify or destroy data
21 read-only
35 tools total
// TOOL MAP
Read (21) Write / Execute (9) Destructive / Financial (5)
// WHAT CAN GO WRONG

Financial operations (midnight_transfer_tokens) can move real money. An agent caught in a loop could drain accounts before anyone notices.

Destructive tools (browser_eval, init, nextjs_call) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (disable_toolset, enable_cache_components, enable_toolset) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (midnight_call_contract, midnight_compile_contract, midnight_deploy_contract) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES
Block financial tools by default
midnight_transfer_tokens:
  rules:
    - action: deny

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
browser_eval:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
disable_toolset:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
get_environment_info:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 35 MIDNIGHT NEXTJS TOOLS
FINANCIAL 1 tools
Financial midnight_transfer_tokens
DESTRUCTIVE 4 tools
Destructive browser_eval Destructive init Destructive nextjs_call Destructive nextjs_index
EXECUTE 5 tools
Execute midnight_call_contract Execute midnight_compile_contract Execute midnight_deploy_contract Execute midnight_init Execute midnight_scaffold_project
WRITE 4 tools
Write disable_toolset Write enable_cache_components Write enable_toolset Write midnight_create_wallet
READ 21 tools
Read get_environment_info Read get_server_status Read get_session_info Read get_toolset_tools Read list_available_toolsets Read list_enabled_features Read midnight_analyze_contract Read midnight_check_versions Read midnight_get_balance Read midnight_get_block Read midnight_get_transaction Read midnight_network_status Read midnight_search_docs Read midnight_wallet_state Read midnight-docs-status Read midnight-fetch-docs Read midnight-list-docs Read midnight-search-docs Read midnight-sync-docs Read nextjs_docs Read upgrade_nextjs_16
// FAQ
Can an AI agent move money through the Midnight Nextjs MCP server? +

Yes. The Midnight Nextjs server exposes 1 financial tools including midnight_transfer_tokens. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. Intercept lets you block financial tools by default or set per-tool rate limits.

Can an AI agent delete data through the Midnight Nextjs MCP server? +

Yes. The Midnight Nextjs server exposes 4 destructive tools including browser_eval, init, nextjs_call. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Midnight Nextjs? +

The Midnight Nextjs server has 4 write tools including disable_toolset, enable_cache_components, enable_toolset. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Midnight Nextjs MCP server expose? +

35 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 21 are read-only. 14 can modify, create, or delete data.

How do I add Intercept to my Midnight Nextjs setup? +

One line change. Instead of running the Midnight Nextjs server directly, prefix it with Intercept: intercept -c midnight-next-js-mcp.yaml -- npx -y @midnight-nextjs-mcp. Download a pre-built policy from policylayer.com/policies/midnight-next-js-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Aibtc 308 tools
paymentsadminautomation
Agent Passport System — Cryptographic Identity for AI Agents 150 tools
paymentsadminautomation
Xdevplatform/xmcp 135 tools
paymentsadminautomation
Hiveagent 122 tools
paymentsadminautomation
MERX - TRON Resource Exchange 66 tools
paymentsadminautomation
Helius 63 tools
paymentsadminautomation
Indigo Protocol MCP 62 tools
paymentsadminautomation
Clareo 45 tools
paymentsadminautomation

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.