// SCAN REPORT

Qiskit IBM Runtime MCP Server

62 tools. 1 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

1 can modify or destroy data
61 read-only
62 tools total
// TOOL MAP
Read (61) Write / Execute (0) Destructive / Financial (1)
// WHAT CAN GO WRONG

Destructive tools (account_name) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

One command. Full control.

Intercept sits between your agent and Qiskit IBM Runtime MCP Server. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @qiskit-ibm-runtime-mcp-server
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
account_name:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Cap read operations
account_info:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 62 QISKIT IBM RUNTIME MCP SERVER TOOLS
DESTRUCTIVE 1 tools
Destructive account_name
READ 61 tools
Read account_info Read accounts Read adjacency_list Read average_path_length Read backend Read backend_name Read bidirectional Read CANCELLED Read chain_length Read channel Read circuit Read circuit_format Read combined Read connectivity Read connectivity_ratio Read counts Read dd_sequence Read deleted Read DONE Read dynamical_decoupling Read edge_errors Read edges Read ERROR Read execution_time Read faulty_gates Read faulty_qubits Read gate_error Read INITIALIZING Read instance_crn Read instances Read internal_edges Read job_id Read job_status Read limit Read measure_twirling Read message Read metric Read num_qubits Read num_results Read observables Read optimization_level Read qubit_details Read qubits Read QUEUED Read qv_optimized Read readout_error Read resilience_level Read RUNNING Read score Read shots Read status Read total_instances Read twirling Read two_qubit_error Read usage Read usage_consumed_seconds Read usage_limit_reached Read usage_limit_seconds Read usage_period Read usage_remaining_seconds Read zne_mitigation
// FAQ
Can an AI agent delete data through the Qiskit IBM Runtime MCP Server MCP server? +

Yes. The Qiskit IBM Runtime MCP Server server exposes 1 destructive tools including account_name. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How many tools does the Qiskit IBM Runtime MCP Server MCP server expose? +

62 tools across 2 categories: Destructive, Read. 61 are read-only. 1 can modify, create, or delete data.

How do I add Intercept to my Qiskit IBM Runtime MCP Server setup? +

One line change. Instead of running the Qiskit IBM Runtime MCP Server server directly, prefix it with Intercept: intercept -c qiskit-ibm-runtime-mcp-server.yaml -- npx -y @qiskit-ibm-runtime-mcp-server. Download a pre-built policy from policylayer.com/policies/qiskit-ibm-runtime-mcp-server and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
admin
Aibtc 288 tools
admin
Google Super 200 tools
admin
Trello 200 tools
admin
Propresenter 177 tools
admin
Leaper Vision Toolkit 169 tools
admin
Apiosk 160 tools
admin
Mcp Sitecore 153 tools
admin
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

npx -y @policylayer/intercept init
Protect your agent in 30 seconds. Scans your MCP config and generates enforcement policies for every server.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.