// SCAN REPORT

Node9-Proxy

16 tools. 5 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

5 can modify or destroy data
11 read-only
16 tools total

Community server · catalogue entry verified 11/06/2026

How to control Node9-Proxy ↓

TOOL MAP

Read (11) Write / Execute (4) Destructive / Financial (1)

MOST DANGEROUS TOOLS

Critical Risk
Destructive · High node9_undo_revert Reverting a working directory to a prior snapshot irreversibly overwrites the current state of the working directory. Write · High node9_approver_set This is a Write operation because it modifies existing configuration state in a reversible manner. Write · High node9_rule_add This tool creates or modifies configuration data (a new rule in the global node9 config file). Write · Medium node9_shield_enable Enabling a shield modifies the security configuration of a service by adding a protective layer.

5 of Node9-Proxy's 16 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL NODE9-PROXY

PolicyLayer is an MCP gateway — it sits between your AI agents and Node9-Proxy, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "node9_undo_revert": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "node9_approver_set": {
    "limits": [
      {
        "counter": "node9_approver_set_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "node9_approver_list": {
    "limits": [
      {
        "counter": "node9_approver_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Node9-Proxy — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON NODE9-PROXY →

Free to start. No card required.

ALL 16 NODE9-PROXY TOOLS

DESTRUCTIVE 1 tools
Destructive node9_undo_revert Revert the working directory to a specific node9 snapshot.
WRITE 4 tools
Write node9_approver_set Enable or disable a specific node9 approver channel in the global config (~/.node9/config.json). Write node9_rule_add Add a new protective smart rule to the global node9 config (~/.node9/config.json). Write node9_shield_disable Disable a node9 shield. Use node9_shield_list to see currently active shields. Write node9_shield_enable Enable a node9 shield for a specific service. Shields only add protection — they cannot
READ 11 tools
Read node9_approver_list List all node9 approver channels and their current enabled/disabled state. Read node9_audit_get Read recent entries from the node9 audit log (~/.node9/audit.log). Read node9_config_get Read the current node9 configuration: security mode, approver channels, timeouts, Read node9_policy_get Show all active smart rules in detail — name, tool, verdict, conditions, and reason. Read node9_report Show an activity and security report: tool call counts, blocks, DLP findings, agent cost, Read node9_scan Scan all AI agent history (Claude + Gemini) and report what node9 would have blocked or Read node9_session List recent AI agent sessions with per-session summaries: tool calls, cost, modified files, Read node9_shield_list List all available node9 shields and which ones are currently active. Read node9_status Show the current node9 protection status: mode, daemon state, undo engine, pause state, Read node9_undo_detail Show the full details of a specific node9 snapshot: unified diff, exact files changed, Read node9_undo_list List the node9 snapshot history. Each entry shows the git hash, tool that triggered it,

FAQ

Can an AI agent delete data through the Node9-Proxy MCP server? +

Yes. The Node9-Proxy server exposes 1 destructive tools including node9_undo_revert. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Node9-Proxy? +

The Node9-Proxy server has 4 write tools including node9_approver_set, node9_rule_add, node9_shield_disable. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Node9-Proxy.

How many tools does the Node9-Proxy MCP server expose? +

16 tools across 2 categories: Read, Write. 11 are read-only. 5 can modify, create, or delete data.

How do I enforce a policy on Node9-Proxy? +

Register the Node9-Proxy MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Node9-Proxy tool call.

Deterministic rules across all 16 Node9-Proxy tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON NODE9-PROXY →

Free to start. No card required.

16 Node9-Proxy tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.