// SCAN REPORT

Novyx

120 tools. 52 can modify or destroy data without limits.

16 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

52 can modify or destroy data

68 read-only

120 tools total

Community server · catalogue entry verified 11/06/2026

How to control Novyx ↓

TOOL MAP

Read (68) Write / Execute (36) Destructive / Financial (16)

MOST DANGEROUS TOOLS

Critical Risk

Destructive · High cancel_mission Cancelling a mission in a governance/workflow context typically terminates an in-progress operation irreversibly. Destructive · High defense_remove Removing a deployed defense rule is destructive because it cannot be easily undone and eliminates an active security control. Destructive · High delete_agent This tool removes an agent irreversibly with no undo mechanism stated. Destructive · High delete_capability This tool performs an irreversible deletion operation on a capability pack, which cannot be undone.

52 of Novyx's 120 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL NOVYX

PolicyLayer is an MCP gateway — it sits between your AI agents and Novyx, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "cancel_mission": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "accept_shared_context": {
    "limits": [
      {
        "counter": "accept_shared_context_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "action_history": {
    "limits": [
      {
        "counter": "action_history_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Novyx — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON NOVYX →

Free to start. No card required.

ALL 120 NOVYX TOOLS

DESTRUCTIVE 16 tools

Destructive cancel_mission Cancel a mission. Destructive defense_remove Remove a deployed defense rule. Destructive delete_agent Delete an agent. Destructive delete_capability Delete a capability pack. Destructive delete_entity Delete a knowledge graph entity and all its triples. Destructive delete_mission Delete a mission. Destructive delete_policy delete_policy Destructive delete_space Delete a context space (owner only). Destructive delete_triple Delete a knowledge graph triple. Destructive eval_baseline_delete Delete an eval baseline. Destructive forget Delete a memory by its UUID. Destructive revoke_shared_context Revoke a shared context invitation. Destructive unlink Remove a link between two memories. Destructive rollback rollback Destructive rollback_to_checkpoint Rollback a mission to a previous checkpoint. Destructive reject_branch Reject all open drafts in a branch/session.

EXECUTE 11 tools

Execute cortex_run cortex_run Execute defense_deploy defense_deploy Execute eval_run eval_run Execute pause_mission Pause a running mission. Execute replay_diff replay_diff Execute replay_lifecycle replay_lifecycle Execute replay_snapshot replay_snapshot Execute replay_timeline replay_timeline Execute action_submit action_submit Execute approve_action approve_action Execute resume_mission Resume a paused mission.

WRITE 25 tools

Write accept_shared_context Accept a shared context invitation. Write draft_memory draft_memory Write remember remember Write threat_mitigate Mark a threat signature as mitigated. Write threat_record threat_record Write add_triple add_triple Write cortex_update_config cortex_update_config Write create_agent create_agent Write create_capability create_capability Write create_checkpoint Create a checkpoint for a mission (rollback point). Write create_intervention create_intervention Write create_mission create_mission Write create_policy create_policy Write create_space create_space Write eval_baseline_create eval_baseline_create Write link_memories Create a directed link between two memories. Write merge_branch Merge all open drafts in a branch/session. Write merge_draft Merge a reviewed draft into canonical memory. Write reject_draft Reject a draft without creating a memory. Write trace_complete Mark an execution trace as complete. Write trace_create trace_create Write update_agent update_agent Write update_capability update_capability Write update_mission update_mission Write update_space update_space

READ 68 tools

Read action_history List recent Control actions with their status. Read action_status action_status Read audit Get the audit trail of memory operations. Read audit_verify Verify the integrity of the audit trail. Read check_policy check_policy Read context_now Get a snapshot of your current memory context. Read coordinated_attack_check coordinated_attack_check Read correlate_threat correlate_threat Read cortex_config Get the current Cortex configuration. Read cortex_insights List auto-generated memory insights. Read cortex_status Get Cortex autonomous intelligence status. Read dashboard Get a full dashboard overview. Read defense_effectiveness Measure the effectiveness of a deployed defense. Read defense_list defense_list Read defense_recommend defense_recommend Read defense_record_block defense_record_block Read defense_stats Get overall defense statistics. Read detect_campaign detect_campaign Read draft_diff Show a field-level diff for a memory draft. Read eval_baselines List all saved eval baselines. Read eval_drift Detect memory drift over a time period. Read eval_gate CI gate — pass or fail based on memory health score. Read eval_history List past memory evaluation runs. Read explain_action explain_action Read get_agent Get an agent by ID. Read get_capability Get a capability pack by ID. Read get_checkpoint Get a checkpoint by ID. Read get_entity Get a knowledge graph entity and its associated triples. Read get_intervention Get a supervisor intervention by ID. Read get_links Get all links for a memory. Read get_mission Get a mission by ID. Read graph_edges graph_edges Read list_agents List all agents for the current tenant. Read list_capabilities List registered capability packs. Read list_checkpoints List checkpoints for a mission. Read list_entities list_entities Read list_interventions List supervisor interventions. Read list_memories List stored memories with optional tag filtering. Read list_missions List missions for the current tenant. Read list_pending list_pending Read list_policies list_policies Read list_spaces List all context spaces you can access. Read memory_branch Get grouped review information for a branch/session of drafts. Read memory_drafts List current memory drafts. Read memory_health Check the health of your agent's memory. Read memory_stats Get memory statistics for the current account. Read query_triples query_triples Read recall recall Read related_signatures related_signatures Read replay_memory Get the full history of a single memory. Read replay_memory_drift Detect memory drift between two timestamps. Read replay_recall replay_recall Read rollback_history List past rollback operations. Read rollback_preview rollback_preview Read share_space share_space Read shared_contexts List all shared contexts you have access to. Read space_memories space_memories Read stream_status Get real-time memory stream connection status. Read supersede supersede Read threat_feed threat_feed Read threat_match threat_match Read threat_signature threat_signature Read threat_stats Get overall threat intelligence statistics. Read threat_trending threat_trending Read tool_health tool_health Read trace_step trace_step Read trace_verify Verify an execution trace's integrity. Read audit_export Export the full audit log.

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Can an AI agent delete data through the Novyx MCP server? +

Yes. The Novyx server exposes 16 destructive tools including cancel_mission, defense_remove, delete_agent. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Novyx? +

The Novyx server has 25 write tools including accept_shared_context, draft_memory, remember. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Novyx.

How many tools does the Novyx MCP server expose? +

120 tools across 4 categories: Destructive, Execute, Read, Write. 68 are read-only. 52 can modify, create, or delete data.

How do I enforce a policy on Novyx? +

Register the Novyx MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Novyx tool call.

Deterministic rules across all 120 Novyx tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON NOVYX →

Free to start. No card required.

120 Novyx tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

Novyx

// TOOL MAP

// MOST DANGEROUS TOOLS

// HOW TO CONTROL NOVYX

// ALL 120 NOVYX TOOLS

// RELATED SERVERS

// FAQ