MCProxy

39 tools. 29 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

29 can modify or destroy data
10 read-only
39 tools total

Community server · catalogue entry verified 29/06/2026

How to control MCProxy ↓

What MCProxy exposes to your agents

Read (10) Write / Execute (27) Destructive / Financial (2)
Critical Risk

The most dangerous MCProxy tools

29 of MCProxy's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control MCProxy

PolicyLayer is an MCP gateway — it sits between your AI agents and MCProxy, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "browser_clear_cookies": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "browser_close_session": {
    "limits": [
      {
        "counter": "browser_close_session_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browser_check_captcha": {
    "limits": [
      {
        "counter": "browser_check_captcha_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCProxy — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCPROXY →

Instant setup, no code required.

All 39 MCProxy tools

EXECUTE 24 tools
Execute browser_click Click an element on the page. Supports humanized clicking with natural mouse movement. Execute browser_click_at Click at specific coordinates on the page. Coordinates are RELATIVE (0-1 range): x=0 is left edge, x=1 is righ Execute browser_create_session Create a new remote browser session. Returns session_id, browser type, and location info (IP, city, region, co Execute browser_double_click_at Double-click at specific coordinates. Coordinates are RELATIVE (0-1 range): x=0 is left edge, x=1 is right edg Execute browser_drag Drag from one coordinate to another. All coordinates are RELATIVE (0-1 range). Useful for sliders, drag-and-dr Execute browser_evaluate Execute JavaScript code in the browser and return the result. Execute browser_go_back Go back in browser history. Execute browser_go_forward Go forward in browser history. Execute browser_hover Hover over an element. Execute browser_keyboard_down Hold down a key (for modifier keys or key combinations). Remember to release with keyboard_up. Execute browser_keyboard_press Press a single key. Use for Enter, Tab, Escape, arrows, Backspace, or key combinations like Control+a, Shift+T Execute browser_keyboard_type Type text at the currently focused element. Use this after clicking an input field with click_at. More human-l Execute browser_keyboard_type_credential Type a stored credential at the currently focused element BY REFERENCE. Use this after clicking an input field Execute browser_keyboard_up Release a held key. Execute browser_move_mouse Move the mouse to specific coordinates without clicking. Coordinates are RELATIVE (0-1 range). Useful for hove Execute browser_navigate Navigate to a URL in the browser session. Automatically detects CAPTCHAs and can wait for Cloudflare challenge Execute browser_reload Reload the current page. Execute browser_scroll Scroll the page or scroll an element into view. Supports humanized smooth scrolling. Execute browser_select Select an option from a dropdown. Execute browser_solve_captcha Submit a CAPTCHA solution. For image CAPTCHAs, analyze the screenshot from browser_check_captcha or browser_na Execute browser_type Type text into an input element. Supports humanized typing with random keystroke delays. Execute browser_type_credential Type a stored credential into an input element BY REFERENCE. The actual credential value is never exposed to t Execute browser_wait_for_navigation Wait for page navigation to complete. Execute browser_wait_for_selector Wait for an element to appear on the page.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about MCProxy

Can an AI agent delete data through the MCProxy MCP server? +

Yes. The MCProxy server exposes 2 destructive tools including browser_clear_cookies, browser_delete_credential. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCProxy? +

The MCProxy server has 3 write tools including browser_close_session, browser_set_cookies, browser_set_credential. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCProxy.

How many tools does the MCProxy MCP server expose? +

39 tools across 4 categories: Destructive, Execute, Read, Write. 10 are read-only. 29 can modify, create, or delete data.

How do I enforce a policy on MCProxy? +

Register the MCProxy MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCProxy tool call.

Deterministic rules across all 39 MCProxy tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

39 MCProxy tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.