Mipiti MCP Server

143 tools. 69 can modify or destroy data without limits.

11 destructive tools with no built-in limits. Policy required.

Last updated:

69 can modify or destroy data
74 read-only
143 tools total

Community server · catalogue entry verified 03/07/2026

How to control Mipiti MCP Server ↓

What Mipiti MCP Server exposes to your agents

Read (74) Write / Execute (58) Destructive / Financial (11)
Critical Risk

The most dangerous Mipiti MCP Server tools

69 of Mipiti MCP Server's 143 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mipiti MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Mipiti MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_assertion": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_asset": {
    "limits": [
      {
        "counter": "add_asset_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "assess_model": {
    "limits": [
      {
        "counter": "assess_model_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mipiti MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MIPITI →

Instant setup, no code required.

All 143 Mipiti MCP Server tools

WRITE 55 tools
Write add_asset add_asset Write add_assumption add_assumption Write add_attacker add_attacker Write add_component add_component Write add_evidence add_evidence Write add_functional_test add_functional_test Write add_model_to_system Add a threat model to a system container. Write add_model_to_tag Add a model to a tag. A model may belong to many tags (overlapping). Write add_trust_boundary add_trust_boundary Write apply_certain_reconciliation_match apply_certain_reconciliation_match Write apply_finding_remediation apply_finding_remediation Write assign_asset_to_components assign_asset_to_components Write assign_control_to_components assign_control_to_components Write attach_foundation attach_foundation Write complete_setup_step Mark an onboarding setup step as done. Write convert_assumption_to_controls convert_assumption_to_controls Write create_reliance create_reliance Write create_system Create a new system container. Write create_tag create_tag Write edit_asset edit_asset Write edit_assumption edit_assumption Write edit_attacker edit_attacker Write edit_component edit_component Write edit_trust_boundary edit_trust_boundary Write generate_functional_objectives generate_functional_objectives Write generate_threat_model generate_threat_model Write import_compliance_framework import_compliance_framework Write import_controls import_controls Write import_threat_model_archive import_threat_model_archive Write link_dependency link_dependency Write map_control_to_requirement map_control_to_requirement Write propose_attach_foundation propose_attach_foundation Write refine_control refine_control Write refine_threat_model refine_threat_model Write reject_reconciliation_candidate reject_reconciliation_candidate Write remap_control remap_control Write remove_model_from_tag Remove a model from a tag (the model itself is not deleted). Write rename_threat_model Rename a threat model. Metadata change only, does not create new version. Write restore_asset Un-soft-delete an asset. Revives its tombstoned COs with Write restore_assumption restore_assumption Write restore_attacker Un-soft-delete an attacker. Revives tombstoned COs; un-orphans Write select_system_compliance_frameworks Select compliance frameworks for a system. Requires PRO tier. Write set_co_cal set_co_cal Write set_control_assumption_groups set_control_assumption_groups Write set_mitigation_groups set_mitigation_groups Write set_threat_model_parent set_threat_model_parent Write submit_assertions submit_assertions Write submit_attestation submit_attestation Write submit_findings Submit negative findings discovered by scanning codebase. Write submit_functional_tests submit_functional_tests Write unassume_control Clear the externally-handled status on a control. Write unreject_reconciliation_candidate unreject_reconciliation_candidate Write update_control_status update_control_status Write update_finding update_finding Write update_organization update_organization
READ 74 tools
Read assess_model assess_model Read assume_control assume_control Read auto_map_controls Use LLM to map controls to framework requirements. Takes 20-45 seconds. Read check_control_gaps Check for missing controls. Read check_functional_gaps Get the actionable functional gaps: applicable conditions with no Read confirm_reliance confirm_reliance Read declare_foundation declare_foundation Read export_tag_report export_tag_report Read export_threat_model export_threat_model Read export_threat_model_archive export_threat_model_archive Read get_asset Get a single asset. Soft-deleted assets carry deleted: true; Read get_assumption get_assumption Read get_attacker Get a single attacker. Soft-deleted attackers carry deleted: true. Read get_capability Get a single capability with its component and asset bindings. Read get_compliance_report get_compliance_report Read get_component Get a single component. Speculative components (repo_url="") Read get_composition_overview get_composition_overview Read get_control get_control Read get_control_assumption_groups get_control_assumption_groups Read get_control_objective get_control_objective Read get_control_objectives get_control_objectives Read get_controls get_controls Read get_effective_coverage get_effective_coverage Read get_findings_risks get_findings_risks Read get_functional_coverage Get the functional coverage report — per-objective state (verified / Read get_functional_objective Get a single functional objective (its Given-When-Then statement). Read get_functional_scan_prompt get_functional_scan_prompt Read get_mitigation_groups get_mitigation_groups Read get_model_risk_view get_model_risk_view Read get_reach_verdicts get_reach_verdicts Read get_reachability_verdicts get_reachability_verdicts Read get_review_queue Returns controls not reviewed in 90+ days. Read get_scan_prompt Get scan prompt to guide codebase gap discovery. Read get_setup_status Get project onboarding status. Read get_sufficiency get_sufficiency Read get_system Get a system container by ID with member model summaries. Read get_system_compliance_report get_system_compliance_report Read get_system_dependencies get_system_dependencies Read get_system_risk_view get_system_risk_view Read get_tag_compliance_report get_tag_compliance_report Read get_tag_risk_view get_tag_risk_view Read get_threat_model get_threat_model Read get_trust_boundary Get a single trust boundary, including its passes set Read get_verification_report get_verification_report Read lift_composition_entity lift_composition_entity Read list_assertions list_assertions Read list_attestations List attestation history for an assumption. Read list_capabilities List the capabilities (behaviours the feature must deliver) for a model. Read list_compliance_frameworks List available compliance frameworks. Read list_effective_attack_paths list_effective_attack_paths Read list_effective_control_objectives list_effective_control_objectives Read list_effective_entities list_effective_entities Read list_findings List negative findings for a threat model. Read list_functional_objectives List the functional objectives (Capability × Condition test plan). Read list_model_tags List every tag a model belongs to (overlapping membership). Read list_reconciliation_candidates list_reconciliation_candidates Read list_reconciliation_rejections list_reconciliation_rejections Read list_reliance list_reliance Read list_risk_acceptances list_risk_acceptances Read list_systems List all saved systems in current workspace. Read list_tags list_tags Read list_threat_models list_threat_models Read list_workspaces List workspaces the current user belongs to. Read model_coherence_report model_coherence_report Read preview_finding_remediation preview_finding_remediation Read preview_undo_lift_composition preview_undo_lift_composition Read preview_undo_split_composition preview_undo_split_composition Read query_threat_model Ask a question about an existing threat model. Read regenerate_controls regenerate_controls Read select_compliance_frameworks select_compliance_frameworks Read select_tag_compliance_frameworks select_tag_compliance_frameworks Read split_composition_entity split_composition_entity Read undo_lift_composition_event undo_lift_composition_event Read undo_split_composition_event undo_split_composition_event

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Mipiti MCP Server

Can an AI agent delete data through the Mipiti MCP Server MCP server? +

Yes. The Mipiti MCP Server server exposes 11 destructive tools including delete_assertion, delete_control, delete_reliance. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mipiti MCP Server? +

The Mipiti MCP Server server has 55 write tools including add_asset, add_assumption, add_attacker. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mipiti MCP Server.

How many tools does the Mipiti MCP Server MCP server expose? +

143 tools across 3 categories: Destructive, Read, Write. 74 are read-only. 69 can modify, create, or delete data.

How do I enforce a policy on Mipiti MCP Server? +

Register the Mipiti MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mipiti MCP Server tool call.

Deterministic rules across all 143 Mipiti MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

143 Mipiti MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.