// SCAN REPORT

Community Ff

25 tools. 2 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

Last updated:

2 can modify or destroy data
23 read-only
25 tools total

Community server · catalogue entry verified 12/06/2026

How to control Community Ff ↓

TOOL MAP

What Community Ff exposes to your agents

Read (23) Write / Execute (2) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Community Ff tools

Write · Medium sync_project This tool downloads and writes data to a local cache. Write · High update_project_yaml This tool creates or modifies project configuration data reversibly through YAML changes.

2 of Community Ff's 25 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Community Ff

PolicyLayer is an MCP gateway — it sits between your AI agents and Community Ff, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "sync_project": {
    "limits": [
      {
        "counter": "sync_project_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "find_component_usages": {
    "limits": [
      {
        "counter": "find_component_usages_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Community Ff — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON COMMUNITY FF →

Free to start. No card required.

FULL CATALOGUE

All 25 Community Ff tools

WRITE 2 tools
Write sync_project Sync an entire FlutterFlow project to the local cache. Downloads all YAML files (bulk or batched fallback) for Write update_project_yaml Push YAML changes to a FlutterFlow project. IMPORTANT: Always call validate_yaml first to check for errors bef
READ 23 tools
Read find_component_usages Find all pages and components where a given component is used, with parameter pass details. Cache-only, no API Read find_page_navigations Find all actions that navigate to a given page, showing source page, trigger, disabled status, and passed para Read get_api_endpoints Get API endpoint definitions from local cache — method, URL, variables, headers, response fields. No API calls Read get_app_settings Get App Settings — Authentication, Push Notifications, Mobile Deployment (version, build, stores), Web Deploym Read get_app_state Get app state variables, constants, and environment settings from local cache. No API calls. Run sync_project Read get_component_summary Get a readable summary of a FlutterFlow component from local cache — widget tree, actions, params. Nested comp Read get_custom_code Get custom actions, functions, widgets, AI agents, app action components, and custom files from local cache — Read get_data_models Get data structs, enums, Firestore collections, and Supabase tables from local cache. No API calls. Run sync_p Read get_editing_guide Get the recommended workflow and relevant documentation for a FlutterFlow editing task. Call this BEFORE modif Read get_general_settings Get General settings — App Details (name, package, initial page, routing), App Assets (icon, splash, error ima Read get_in_app_purchases Get In-App Purchases & Subscriptions settings — Stripe, Braintree, RevenueCat, Razorpay. Mirrors the FlutterFl Read get_integrations Get Integrations settings — Supabase, SQLite, GitHub, Algolia, Google Analytics, Google Maps, AdMob, Mux Lives Read get_page_by_name Fetch a FlutterFlow page by its human-readable name (e.g. Read get_page_summary Get a readable summary of a FlutterFlow page from local cache — widget tree, actions, params, state. Component Read get_project_setup Get Project Setup settings — Firebase services, Languages, Platforms, Permissions, Project Dependencies, Dev E Read get_project_yaml Read YAML files from the local project cache. Requires sync_project to be run first. Returns one file if fileN Read get_theme Get theme colors, typography, breakpoints, and widget defaults from local cache. No API calls. Run sync_projec Read get_yaml_docs Search and retrieve FlutterFlow YAML reference documentation. Use Read list_pages List all pages in a FlutterFlow project with human-readable names, scaffold IDs, and folder assignments. Use t Read list_project_files List all YAML file names in a FlutterFlow project. Supports optional prefix filter (e.g. Read list_projects List FlutterFlow projects for the authenticated user. NOTE: This may not return all projects you have access t Read search_project_files Search cached project file keys by keyword, prefix, or regex. Returns matching file keys for use with get_proj Read validate_yaml Validate YAML content before pushing changes to a FlutterFlow project. Always call this before update_project_
FAQ

Questions about Community Ff

How do I prevent bulk modifications through Community Ff? +

The Community Ff server has 2 write tools including sync_project, update_project_yaml. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Community Ff.

How many tools does the Community Ff MCP server expose? +

25 tools across 2 categories: Read, Write. 23 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on Community Ff? +

Register the Community Ff MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Community Ff tool call.

Deterministic rules across all 25 Community Ff tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON COMMUNITY FF →

Free to start. No card required.

25 Community Ff tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.