// SCAN REPORT

NEAR MCP

23 tools. 13 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

13 can modify or destroy data
10 read-only
23 tools total

Community server · catalogue entry verified 11/06/2026

How to control NEAR MCP ↓

TOOL MAP

What NEAR MCP exposes to your agents

Read (10) Write / Execute (6) Destructive / Financial (6)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous NEAR MCP tools

Financial · Critical ref_finance_execute_swap The tool name contains 'execute_swap' which indicates it performs a financial swap operation (exchanging tokens/assets) on the Ref Finance decentralized exchange on the NEAR blockchain. Financial · Critical tokens_send_ft The name 'tokens_send_ft' on a NEAR blockchain MCP server almost certainly transfers fungible tokens (FT) between accounts. Financial · Critical tokens_send_near The tool name explicitly indicates sending NEAR tokens, which constitutes a financial transaction moving cryptocurrency. Destructive · Critical system_remove_local_account This tool permanently deletes or removes a local account, which is an irreversible action with severe consequences.

13 of NEAR MCP's 23 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control NEAR MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and NEAR MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "ref_finance_execute_swap": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "account_delete_access_keys": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "account_add_access_key": {
    "limits": [
      {
        "counter": "account_add_access_key_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "account_list_access_keys": {
    "limits": [
      {
        "counter": "account_list_access_keys_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register NEAR MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON NEAR →

Free to start. No card required.

FULL CATALOGUE

All 23 NEAR MCP tools

FINANCIAL 3 tools
Financial ref_finance_execute_swap ref_finance_execute_swap Financial tokens_send_ft tokens_send_ft Financial tokens_send_near tokens_send_near
DESTRUCTIVE 3 tools
Destructive account_delete_access_keys account_delete_access_keys Destructive account_delete_account account_delete_account Destructive system_remove_local_account system_remove_local_account
EXECUTE 2 tools
Execute account_sign_data account_sign_data Execute contract_call_raw_function contract_call_raw_function
WRITE 4 tools
Write account_add_access_key account_add_access_key Write account_create_account account_create_account Write account_create_implicit_account account_create_implicit_account Write system_import_account system_import_account
READ 10 tools
Read account_list_access_keys account_list_access_keys Read account_verify_signature account_verify_signature Read account_view_account_summary account_view_account_summary Read contract_call_raw_function_as_read_only contract_call_raw_function_as_read_only Read contract_get_function_args contract_get_function_args Read contract_view_functions contract_view_functions Read ref_finance_get_pools ref_finance_get_pools Read ref_finance_get_swap_estimate ref_finance_get_swap_estimate Read search_near_fungible_tokens search_near_fungible_tokens Read system_list_local_keypairs List all NEAR accounts and their keypairs in the local keystore by network.
OTHER 1 tools
Other account_export_account account_export_account
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about NEAR MCP

Can an AI agent move money through the NEAR MCP server? +

Yes. The NEAR MCP server exposes 3 financial tools including ref_finance_execute_swap, tokens_send_ft, tokens_send_near. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the NEAR MCP server? +

Yes. The NEAR MCP server exposes 3 destructive tools including account_delete_access_keys, account_delete_account, system_remove_local_account. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through NEAR MCP? +

The NEAR MCP server has 4 write tools including account_add_access_key, account_create_account, account_create_implicit_account. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach NEAR MCP.

How many tools does the NEAR MCP server expose? +

23 tools across 4 categories: Destructive, Execute, Read, Write. 10 are read-only. 13 can modify, create, or delete data.

How do I enforce a policy on NEAR MCP? +

Register the NEAR MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every NEAR MCP tool call.

Deterministic rules across all 23 NEAR MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON NEAR →

Free to start. No card required.

23 NEAR MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.