Qingflow

22 tools. 5 can modify or destroy data without limits.

5 write tools that can modify data. Rate limits recommended.

Last updated:

5 can modify or destroy data
17 read-only
22 tools total

Community server · catalogue entry verified 30/06/2026

How to control Qingflow ↓

What Qingflow exposes to your agents

Read (17) Write / Execute (5) Destructive / Financial (0)
High Risk

The most dangerous Qingflow tools

5 of Qingflow's 22 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Qingflow

PolicyLayer is an MCP gateway — it sits between your AI agents and Qingflow, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "qf_export_csv": {
    "limits": [
      {
        "counter": "qf_export_csv_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "qf_apps_list": {
    "limits": [
      {
        "counter": "qf_apps_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Qingflow — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON QINGFLOW →

Instant setup, no code required.

All 22 Qingflow tools

READ 17 tools
Read qf_apps_list List Qingflow apps with optional filtering and client-side slicing. Read qf_field_resolve Resolve natural language field names/aliases into stable que_id mappings for one app. Read qf_form_get Get form metadata and compact field summaries for one app. Read qf_operation_get Resolve async operation result by request_id. Read qf_query Unified read entry for list/record/summary. Use query_mode=auto to route automatically. Read qf_query_plan Preflight query arguments: normalize inputs, validate required fields, resolve mappings and estimate scan limi Read qf_record_get Get one record by applyId. Read qf_records_aggregate Aggregate records by group_by columns with optional amount metrics. Designed for deterministic, auditable stat Read qf_records_batch_get Fetch multiple records by apply_ids in one call and return strict flat rows. Read qf_records_list List records with pagination, filters and sorting. Read qf_tool_spec_get Return MCP tool parameter requirements, limits, aliases and minimal examples for agent prompt grounding. Read qf_value_probe Probe likely field values for one app field, with explicit match mode and matched value evidence. Read qf.query.aggregate Aggregate records through the canonical DSL and return metrics_by_column plus query handle resources. Read qf.query.export Export canonical row queries and return resource links instead of large inline payloads. Read qf.query.plan Preflight canonical query DSL, normalize loose inputs, translate into internal tools and estimate whether the Read qf.query.record Fetch one record through the canonical DSL and return a query handle. Read qf.query.rows Query rows through the canonical DSL and return query handles plus resource links.

Questions about Qingflow

How do I prevent bulk modifications through Qingflow? +

The Qingflow server has 5 write tools including qf_export_csv, qf_export_json, qf_record_create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Qingflow.

How many tools does the Qingflow MCP server expose? +

22 tools across 2 categories: Read, Write. 17 are read-only. 5 can modify, create, or delete data.

How do I enforce a policy on Qingflow? +

Register the Qingflow MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Qingflow tool call.

Deterministic rules across all 22 Qingflow tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

22 Qingflow tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.