// SCAN REPORT

Executor

29 tools. 17 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

17 can modify or destroy data
12 read-only
29 tools total

Community server · catalogue entry verified 10/06/2026

How to control Executor ↓

TOOL MAP

Read (12) Write / Execute (9) Destructive / Financial (6)

MOST DANGEROUS TOOLS

Critical Risk
Destructive · High connections.remove This tool permanently deletes a saved connection and its produced tools. Destructive · Critical delete The tool is named 'delete' and explicitly described as 'destructive', indicating it performs irreversible deletion of data. Destructive · High delete_titled The tool is designed to delete data irreversibly. Destructive · Medium oauth.cancel Cancelling an OAuth session is an irreversible action that terminates the authorization flow; the session cannot be resumed once cancelled.

17 of Executor's 29 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL EXECUTOR

PolicyLayer is an MCP gateway — it sits between your AI agents and Executor, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "connections.remove": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "oauth.clients.create": {
    "limits": [
      {
        "counter": "oauth.clients.create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "connections.list": {
    "limits": [
      {
        "counter": "connections.list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Executor — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON EXECUTOR →

Free to start. No card required.

ALL 29 EXECUTOR TOOLS

DESTRUCTIVE 6 tools
Destructive connections.remove Remove a saved connection and its produced tools by owner, integration, and connection name. Destructive delete A destructive tool Destructive delete_titled A destructive tool with a title annotation Destructive oauth.cancel Cancel an in-flight OAuth authorization-code session by state after the user abandons the flow. Destructive oauth.clients.remove Remove an owner-scoped OAuth client by owner and slug. Existing connections are not cascaded. Destructive policies.remove Remove a tool policy by id + owner.
EXECUTE 3 tools
Execute connections.refresh Re-run an integration Execute oauth.start Start OAuth through a registered client to mint a connection for an integration. Execute probeEndpoint Probe a remote MCP endpoint before adding it. If the result requires OAuth, run the core OAuth handoff (
WRITE 6 tools
Write oauth.clients.create Register or replace an owner-scoped OAuth client from explicit client credentials. Use grant Write connections.create Low-level create or replace for a saved connection from provider item references. For normal API keys/tokens, Write connections.createHandoff Return a browser URL that opens the Add account flow for one integration. Use this for API keys/tokens so the Write oauth.clients.registerDynamic Register an OAuth client through RFC 7591 Dynamic Client Registration and save the minted client for later Write policies.create Create a tool policy. Write policies.update Update a tool policy
READ 12 tools
Read connections.list List saved connections (the credential for one integration). Never returns the credential value. Optionally fi Read getIntegration Inspect an existing GraphQL integration, including endpoint, static headers/query params, and auth templates. Read getServer Inspect a registered MCP integration, including transport, endpoint/command, and auth template. Use this befor Read hello Greets a person Read integrations.detect Given a URL, ask every plugin whether it recognizes it, returning best-confidence matches so the UI can pre-fi Read list A read-only tool Read listVaults List available 1Password vaults before configuring the provider. For service-account auth, pass the service ac Read oauth.probe Discover OAuth authorization-server metadata from an issuer or protected-resource URL so client registration c Read previewSpec Preview an OpenAPI document before adding it as an integration. Call this first when the user provides a spec Read providers.items Browse a credential provider Read simple_echo Echoes a value without elicitation Read structured_echo Returns text plus structured data
OTHER 2 tools
Other gated_echo Asks for approval before echoing a value Other ping An unannotated tool

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
adminautomation
Binance MCP Server 734 tools
adminautomation
Nodebench 724 tools
adminautomation
GoHighLevel MCP Server 566 tools
adminautomation
UnClick 451 tools
adminautomation
NowAIKit — ServiceNow AI Toolkit 446 tools
adminautomation
Mcp Windows 441 tools
adminautomation
0nmcp 407 tools
adminautomation

FAQ

Can an AI agent delete data through the Executor MCP server? +

Yes. The Executor server exposes 6 destructive tools including connections.remove, delete, delete_titled. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Executor? +

The Executor server has 6 write tools including oauth.clients.create, connections.create, connections.createHandoff. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Executor.

How many tools does the Executor MCP server expose? +

29 tools across 4 categories: Destructive, Execute, Read, Write. 12 are read-only. 17 can modify, create, or delete data.

How do I enforce a policy on Executor? +

Register the Executor MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Executor tool call.

Deterministic rules across all 29 Executor tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON EXECUTOR →

Free to start. No card required.

29 Executor tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.