// SCAN REPORT

CloudStack MCP Server

45 tools. 20 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

20 can modify or destroy data
25 read-only
45 tools total

Community server · catalogue entry verified 12/06/2026

How to control CloudStack MCP Server ↓

TOOL MAP

What CloudStack MCP Server exposes to your agents

Read (25) Write / Execute (19) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous CloudStack MCP Server tools

Destructive · Critical destroy_virtual_machine This tool permanently removes a virtual machine and its associated resources through a multi-stage destruction workflow (stop, destroy, expunge). Execute · High deploy_virtual_machine Deploying a virtual machine is an Execute action because it triggers provisioning of compute resources and external infrastructure operations whose effects are determined by the arguments provided (VM size, image, networ Execute · High scale_virtual_machine Scaling a VM (changing its service offering) executes infrastructure changes on cloud resources—resizing CPU, memory, or other compute parameters. Execute · High start_virtual_machine This tool triggers execution of a command against CloudStack infrastructure to start a virtual machine.

20 of CloudStack MCP Server's 45 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control CloudStack MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and CloudStack MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "destroy_virtual_machine": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "reset_password_virtual_machine": {
    "limits": [
      {
        "counter": "reset_password_virtual_machine_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_virtual_machine": {
    "limits": [
      {
        "counter": "get_virtual_machine_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register CloudStack MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON CLOUDSTACK →

Free to start. No card required.

FULL CATALOGUE

All 45 CloudStack MCP Server tools

DESTRUCTIVE 1 tools
Destructive destroy_virtual_machine Destroy a virtual machine using proper workflow: stop → destroy → expunge. Handles VMs in any state including
EXECUTE 6 tools
Execute deploy_virtual_machine Deploy a new virtual machine Execute scale_virtual_machine Scale virtual machine (change service offering) Execute start_virtual_machine Start a virtual machine Execute stop_virtual_machine Stop a virtual machine Execute reboot_virtual_machine Reboot a virtual machine Execute migrate_virtual_machine Migrate virtual machine to another host
WRITE 13 tools
Write reset_password_virtual_machine Reset password for virtual machine Write associate_ip_address Acquire a new public IP address Write change_service_offering_virtual_machine Change service offering for virtual machine Write detach_volume Detach volume from virtual machine Write attach_volume Attach volume to virtual machine Write create_firewall_rule Create a firewall rule Write create_network Create a new network Write create_security_group_rule Create a security group ingress rule Write create_snapshot Create a snapshot of a volume Write create_ssh_key_pair Create a new SSH key pair Write create_volume Create a new volume Write enable_static_nat Enable static NAT for an IP to a VM Write resize_volume Resize a volume
READ 25 tools
Read get_virtual_machine Get details of a specific virtual machine Read list_accounts List accounts Read list_alerts List system alerts Read list_async_jobs List asynchronous jobs Read list_capacity List system capacity information Read list_clusters List clusters Read list_domains List domains Read list_events List system events Read list_hosts List hosts Read list_load_balancer_rules List load balancer rules Read list_networks List networks Read list_public_ip_addresses List public IP addresses Read list_security_groups List security groups Read list_service_offerings List service offerings (compute plans) Read list_snapshots List volume snapshots Read list_ssh_key_pairs List SSH key pairs Read list_storage_pools List storage pools Read list_system_vms List system VMs (console proxy, secondary storage) Read list_templates List templates Read list_usage_records List usage records for billing Read list_users List users Read list_virtual_machine_metrics List virtual machine performance metrics Read list_virtual_machines List virtual machines in CloudStack Read list_volumes List storage volumes Read list_zones List availability zones
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about CloudStack MCP Server

Can an AI agent delete data through the CloudStack MCP Server MCP server? +

Yes. The CloudStack MCP Server server exposes 1 destructive tools including destroy_virtual_machine. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through CloudStack MCP Server? +

The CloudStack MCP Server server has 13 write tools including reset_password_virtual_machine, associate_ip_address, change_service_offering_virtual_machine. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach CloudStack MCP Server.

How many tools does the CloudStack MCP Server MCP server expose? +

45 tools across 4 categories: Destructive, Execute, Read, Write. 25 are read-only. 20 can modify, create, or delete data.

How do I enforce a policy on CloudStack MCP Server? +

Register the CloudStack MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every CloudStack MCP Server tool call.

Deterministic rules across all 45 CloudStack MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON CLOUDSTACK →

Free to start. No card required.

45 CloudStack MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.