// SCAN REPORT

Project MCP

42 tools. 23 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated: 12 Jun 2026

23 can modify or destroy data

19 read-only

42 tools total

Community server · catalogue entry verified 12/06/2026

How to control Project MCP ↓

TOOL MAP

What Project MCP exposes to your agents

Read (19) Write / Execute (21) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Project MCP tools

Destructive · High delete_task This tool irreversibly removes task data from the system with no recovery mechanism. Destructive · Medium remove_from_backlog The tool permanently removes an item from the backlog without any promotion or archival path, making it an irreversible deletion of project task data. Execute · Medium lint_project_docs The tool does more than passively read — it actively validates and can auto-fix documentation issues, meaning it may modify files in place. Write · Medium add_decision This tool creates new structured entries in a documentation file (DECISIONS.md), which is a reversible write operation.

23 of Project MCP's 42 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Project MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Project MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "delete_task": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "init_project": {
    "limits": [
      {
        "counter": "init_project_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "check_project_state": {
    "limits": [
      {
        "counter": "check_project_state_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Project MCP — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON PROJECT →

Free to start. No card required.

FULL CATALOGUE

All 42 Project MCP tools

DESTRUCTIVE 2 tools

Destructive delete_task Permanently deletes a task from todos/. Use with caution - this cannot be undone. Consider using archive_task Destructive remove_from_backlog Removes an item from BACKLOG.md without promoting it. Use for tasks that are no longer needed or were added by

EXECUTE 1 tools

Execute lint_project_docs Validates project documentation against standards. Checks for required files, valid frontmatter, broken depend

WRITE 20 tools

Write init_project Initializes the .project/ directory with all standard files following strict templates. Creates index.md (cont Write sync_todo_index Syncs the parent TODO.md file with all tasks. Generates a dashboard view with tasks organized by status, prior Write add_decision Adds a single architecture decision record (ADR) to DECISIONS.md. Creates a structured entry with title, conte Write add_roadmap_milestone Adds a milestone or phase to ROADMAP.md. Creates a structured entry with title, description, target date, and Write add_to_backlog Adds a single item to BACKLOG.md. Use this for quick task creation without bulk import. Items are added to the Write archive_task Archives a completed task by moving it from todos/ to archive/. Keeps the active task queue small and focused. Write archive_thought Archives a processed thought file by moving it to .project/thoughts/todos/.archive/. Use this after you Write create_or_update_decisions Creates or updates the DECISIONS.md file in .project/ directory. Use this when documenting architecture decisi Write create_or_update_index Creates or updates the index.md file in .project/ directory. This is the contract file that defines how agents Write create_or_update_roadmap Creates or updates the ROADMAP.md file in .project/ directory. Use this when planning future work, milestones, Write create_or_update_status Creates or updates the STATUS.md file in .project/ directory. Use this when updating project health, recent ch Write create_or_update_todo Creates or updates the TODO.md file in .project/ directory. Use this when adding tasks, marking items complete Write create_task Creates a new task with YAML frontmatter metadata. Uses Jira-like IDs (e.g., AUTH-001, API-042) for stable ref Write import_tasks Parses a plan document and imports tasks to BACKLOG.md (not individual files). Use this to populate the backlo Write manage_project_file Smart tool that automatically determines which project file to create or update based on context. Use this whe Write promote_task Promotes a task from BACKLOG.md to an active YAML task file in todos/. Use this when starting work on a backlo Write unarchive_task Restores a task from archive/ back to todos/ for further work. Use when a completed task needs to be reopened. Write update_backlog_item Updates an item in BACKLOG.md. Can change priority, title, tags, or phase without promoting to active work. Write update_project_status Quick status update for the project. Adds a timestamped entry to STATUS.md with the current status, changes, o Write update_task Updates an existing task by ID. Can update any field including status, priority, owner, dependencies, etc. Use

READ 19 tools

Read check_project_state Checks the current state of project management files. Returns which files exist (.project/index.md, ROADMAP.md Read get_backlog Reads and returns the current backlog contents with optional filtering. Shows tasks organized by priority with Read get_decision Reads a specific architecture decision by ADR ID. Returns the full decision content including context, decisio Read get_doc Get the full content of a specific file. Supports files from .project/, root-level, or docs/. Use the path as Read get_doc_structure Get the complete documentation directory structure with file paths and descriptions. Useful for understanding Read get_next_task Returns the next task(s) that should be worked on. Considers: dependencies (only returns tasks whose dependenc Read get_roadmap Reads the current roadmap content from ROADMAP.md. Returns milestones, phases, and planned work. Read get_task Reads and returns a specific task by ID. Shows all metadata including frontmatter, description, subtasks, and Read get_thought Reads a specific thought file and returns its raw content for review. Read list_archived_tasks Lists tasks in the archive/ directory. Shows completed work history with optional filtering by project or date Read list_archived_thoughts Lists all archived thought files with their processing history. Shows what thoughts were processed, when, and Read list_decisions Lists all architecture decisions from DECISIONS.md with optional filtering by status or tag. Read list_docs List all available documentation files organized by category. Use this to discover what documentation is avail Read list_tasks Lists all tasks with optional filtering. Returns a summary view of tasks organized by status and priority. Read list_thoughts Lists all thought files in the .project/thoughts/ directory structure. Shows available brain dump files organi Read process_thoughts Reads brain dump markdown files from .project/thoughts/todos/ and returns the content along with project conte Read search_docs Search only the docs/ directory for reference documentation. Use this when the user specifically asks for Read search_project Search across project sources with smart intent detection. IMPORTANT: Read search_tasks Search tasks by keyword in title, description, or content. Returns matching tasks with relevance ranking.

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Project MCP

Can an AI agent delete data through the Project MCP server? +

Yes. The Project MCP server exposes 2 destructive tools including delete_task, remove_from_backlog. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Project MCP? +

The Project MCP server has 20 write tools including init_project, sync_todo_index, add_decision. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Project MCP.

How many tools does the Project MCP server expose? +

42 tools across 3 categories: Destructive, Read, Write. 19 are read-only. 23 can modify, create, or delete data.

How do I enforce a policy on Project MCP? +

Register the Project MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Project MCP tool call.

Deterministic rules across all 42 Project MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON PROJECT →

Free to start. No card required.

42 Project MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.