Arr Stack

42 tools. 9 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

9 can modify or destroy data
33 read-only
42 tools total

Community server · catalogue entry verified 02/07/2026

How to control Arr Stack ↓

What Arr Stack exposes to your agents

Read (33) Write / Execute (5) Destructive / Financial (3)
Critical Risk

The most dangerous Arr Stack tools

9 of Arr Stack's 42 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Arr Stack

PolicyLayer is an MCP gateway — it sits between your AI agents and Arr Stack, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "lidarr.artist_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "lidarr.artist_add": {
    "limits": [
      {
        "counter": "lidarr.artist_add_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "jellyfin.library_search": {
    "limits": [
      {
        "counter": "jellyfin.library_search_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Arr Stack — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ARR STACK →

Instant setup, no code required.

All 42 Arr Stack tools

READ 33 tools
Read jellyfin.library_search jellyfin.library_search Read jellyfin.now_playing jellyfin.now_playing Read jellyfin.recent_additions jellyfin.recent_additions Read jellyfin.system_info jellyfin.system_info Read jellyfin.users_list jellyfin.users_list Read lidarr.artist_albums lidarr.artist_albums Read lidarr.artist_lookup lidarr.artist_lookup Read lidarr.artist_search lidarr.artist_search Read lidarr.queue List active Lidarr downloads with progress, ETA, and download client. Read lidarr.system_status lidarr.system_status Read prowlarr.health prowlarr.health Read prowlarr.indexer_list prowlarr.indexer_list Read prowlarr.indexer_stats prowlarr.indexer_stats Read prowlarr.indexer_status prowlarr.indexer_status Read prowlarr.search prowlarr.search Read prowlarr.system_status prowlarr.system_status Read radarr.calendar radarr.calendar Read radarr.missing List monitored movies that are released but not on disk. Oldest-first. Read radarr.movie_lookup radarr.movie_lookup Read radarr.movie_search radarr.movie_search Read radarr.queue List active Radarr downloads with progress, ETA, and download client. Read radarr.system_status radarr.system_status Read sonarr.calendar sonarr.calendar Read sonarr.missing sonarr.missing Read sonarr.queue sonarr.queue Read sonarr.series_lookup sonarr.series_lookup Read sonarr.series_search sonarr.series_search Read sonarr.series_status sonarr.series_status Read sonarr.system_status sonarr.system_status Read stack.dryrun_log stack.dryrun_log Read stack.find_anywhere stack.find_anywhere Read stack.health stack.health Read stack.queue_status_all stack.queue_status_all

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Arr Stack

Can an AI agent delete data through the Arr Stack MCP server? +

Yes. The Arr Stack server exposes 3 destructive tools including lidarr.artist_delete, radarr.movie_delete, sonarr.series_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Arr Stack? +

The Arr Stack server has 3 write tools including lidarr.artist_add, radarr.movie_add, sonarr.series_add. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Arr Stack.

How many tools does the Arr Stack MCP server expose? +

42 tools across 3 categories: Destructive, Read, Write. 33 are read-only. 9 can modify, create, or delete data.

How do I enforce a policy on Arr Stack? +

Register the Arr Stack MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Arr Stack tool call.

Deterministic rules across all 42 Arr Stack tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

42 Arr Stack tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.