// SCAN REPORT

RAD Security

55 tools. 8 can modify or destroy data without limits.

8 write tools that can modify data. Rate limits recommended.

Last updated:

8 can modify or destroy data
47 read-only
55 tools total

Community server · catalogue entry verified 12/06/2026

How to control RAD Security ↓

TOOL MAP

What RAD Security exposes to your agents

Read (47) Write / Execute (8) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous RAD Security tools

Execute · High run_workflow This tool executes workflows—automated processes whose side effects depend on the provided arguments. Execute · High radql_batch_query This tool executes arbitrary RadQL queries against the RAD Security API. Execute · Medium radql_query_builder This tool constructs and executes RadQL queries against the RAD Security API. Write · Medium add_workflow_schedule This is a Write operation because it creates or modifies workflow configuration reversibly—adding a schedule changes how and when a workflow executes, but the action can be undone by removing the schedule.

8 of RAD Security's 55 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control RAD Security

PolicyLayer is an MCP gateway — it sits between your AI agents and RAD Security, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "add_workflow_schedule": {
    "limits": [
      {
        "counter": "add_workflow_schedule_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_cluster_details": {
    "limits": [
      {
        "counter": "get_cluster_details_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register RAD Security — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON RAD SECURITY →

Free to start. No card required.

FULL CATALOGUE

All 55 RAD Security tools

EXECUTE 3 tools
Execute run_workflow Run a workflow with optional argument overrides Execute radql_batch_query Execute multiple RadQL queries in parallel for efficiency. Useful for fetching related data from different dat Execute radql_query_builder Helper tool to build RadQL queries programmatically from structured conditions. Useful when you need to constr
WRITE 5 tools
Write add_workflow_schedule Add a cron-based schedule to a workflow. The schedule will trigger the workflow automatically at the specified Write create_custom_workflow Create a new custom workflow from YAML definition. The YAML will be validated before deployment. Write mark_inbox_item_as_false_positive Mark an inbox item as a false positive with a reason Write update_custom_workflow Update an existing custom workflow with new YAML. Only custom workflows (created via create_custom_workflow) c Write update_security_finding_status Update the status of a security finding
READ 47 tools
Read get_cluster_details Get detailed information about a specific Kubernetes cluster managed by RAD Security Read get_container_details Get detailed information about a container secured by RAD Security Read get_container_llm_analysis Get LLM analysis of a container Read get_containers_baselines Get runtime baselines for multiple containers Read get_containers_process_trees Get process trees for multiple containers Read get_cve Get details for a specific CVE ID. Source: cve-search.org Read get_dashboard Get detailed information about a specific dashboard Read get_dashboard_template Get detailed information about a specific dashboard template Read get_identity_details Get detailed information about a specific identity in a Kubernetes cluster Read get_image_sbom Get the SBOM of a container image Read get_inbox_item_details Get detailed information about a specific inbox item Read get_k8s_resource_details Get the latest manifest of a Kubernetes resource Read get_k8s_resource_misconfig Get detailed information about a specific Kubernetes resource misconfiguration Read get_latest_30_cves Get the latest/newest 30 CVEs including CAPEC, CWE and CPE expansions. Source: cve-search.org Read get_top_vulnerable_images Get the most vulnerable images from your account Read get_widget_template Get detailed information about a specific widget template Read get_workflow Get detailed information about a specific workflow by ID. It contains the workflow definition, default argumen Read get_workflow_run Get detailed information about a specific workflow run Read list_clusters List Kubernetes clusters managed by RAD Security Read list_containers List containers secured by RAD Security with optional filtering by image name, image digest, namespace, cluste Read list_cve_products Get a list of all products associated with a vendor in the CVE database. Source: cve-search.org Read list_cve_vendors Get a list of all vendors in the CVE database. Source: cve-search.org Read list_dashboard_templates List dashboard templates with optional filtering by category Read list_dashboards List dashboards for the account Read list_external_integrations List external integrations configured for the tenant (e.g., Slack, AWS CloudTrail, Okta). Returns integration Read list_identities Get list of identities for a specific Kubernetes cluster Read list_image_vulnerabilities List vulnerabilities in a container image with optional filtering by severity Read list_images List container images with optional filtering by page, page size, sort, and search query Read list_inbox_items List inbox items with optional filtering by any field. Multiple filters can be combined eg. Read list_k8s_resource_misconfig_policies List available misconfiguration policies used by RAD Security to detect Kubernetes resource misconfigurations Read list_k8s_resource_misconfigs Get manifest misconfigurations for a Kubernetes resource Read list_k8s_resources List Kubernetes resources with optional filtering by namespace, resource types, and cluster Read list_knowledge_base_collections List all collections in your organization Read list_knowledge_base_documents List documents in your organization Read list_security_findings List security findings with optional filtering by types, severities, sources, and status Read list_widget_templates List widget templates with optional filtering by visualization type and category Read list_workflow_runs List workflow runs with optional filtering by workflow ID Read list_workflow_schedules List workflow schedules with optional filtering by workflow ID Read list_workflows List all workflows Read query_knowledge_base_document Query a CSV document from the knowledge base using natural language. IMPORTANT: This tool ONLY works with CSV Read radql_get_type_metadata Get schema/metadata for a specific RadQL data type. Shows available fields, data types, which fields can be fi Read radql_list_data_types List all available RadQL data types (discovery). ALWAYS call this FIRST before using other RadQL tools to disc Read radql_list_filter_values List possible values for a filter field (e.g., namespace list, cluster list, severity values). Useful for buil Read radql_query Execute RadQL queries for security investigations. Supports: list (filter/search), get_by_id (single item), st Read search_cves Search CVEs by vendor and optionally product. Source: cve-search.org Read search_knowledge_base Search your organization Read who_shelled_into_pod Get k8s audit logs with information about users who shelled into a pod
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about RAD Security

How do I prevent bulk modifications through RAD Security? +

The RAD Security server has 5 write tools including add_workflow_schedule, create_custom_workflow, mark_inbox_item_as_false_positive. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach RAD Security.

How many tools does the RAD Security MCP server expose? +

55 tools across 3 categories: Execute, Read, Write. 47 are read-only. 8 can modify, create, or delete data.

How do I enforce a policy on RAD Security? +

Register the RAD Security MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every RAD Security tool call.

Deterministic rules across all 55 RAD Security tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON RAD SECURITY →

Free to start. No card required.

55 RAD Security tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.