Scf

74 tools. 25 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

25 can modify or destroy data
49 read-only
74 tools total

Community server · catalogue entry verified 05/07/2026

How to control Scf ↓

What Scf exposes to your agents

Read (49) Write / Execute (22) Destructive / Financial (3)
Critical Risk

The most dangerous Scf tools

25 of Scf's 74 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Scf

PolicyLayer is an MCP gateway — it sits between your AI agents and Scf, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "scf_delete_custom_risk": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "scf_add_custom_risk_control": {
    "limits": [
      {
        "counter": "scf_add_custom_risk_control_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "scf_get_audit_log": {
    "limits": [
      {
        "counter": "scf_get_audit_log_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Scf — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SCF →

Instant setup, no code required.

All 74 Scf tools

WRITE 17 tools
Write scf_add_custom_risk_control Link a scoped control to a custom risk (write — editor+ role). The control must already be scoped (in-scope) f Write scf_batch_update_controls Batch-update up to 500 scoped controls in one transaction (write — editor+ role). Each operation identifies it Write scf_bulk_assess_windows Queue windowed AI assessments for up to 25 evidence IDs (write — editor+ role, async). Items without tracking Write scf_create_custom_risk Create a custom org-defined risk (write — editor+ role). Auto-generates an R-ORG-N code and creates the matchi Write scf_create_evidence Create an evidence tracking record from a catalog evidence ID (write — editor+ role). Starts tracking an evide Write scf_create_risk Create a new risk assessment in the risk register (write — editor+ role). Likelihood and impact scores populat Write scf_create_system Create a system in the organization Write scf_create_vendor Create a vendor in the TPRM registry (write — editor+ role). Platform auto-scores risk based on criticality an Write scf_create_webhook Create a webhook endpoint for evidence-inbox ingestion (write — admin role). Returns the plaintext HMAC signin Write scf_rotate_webhook_secret Rotate the HMAC signing secret for a webhook endpoint (write — admin role). The old secret is invalidated imme Write scf_scope_framework Bulk-scope every control mapped to a framework into the organization (write — editor+ role). Creates a scoped- Write scf_trigger_dpsia Queue a Data Protection Security Impact Assessment (DPSIA) for a vendor (write — editor+ role, async). Scores Write scf_update_custom_risk Update a custom risk definition Write scf_update_evidence Upsert an evidence item Write scf_update_scoped_control Update a scoped control Write scf_update_system Update an existing system record (write — editor+ role). All fields are optional; only provided fields are app Write scf_update_vendor Update an existing vendor record (write — editor+ role). Only provided fields are applied.
READ 49 tools
Read scf_get_audit_log Get one organization Read scf_get_capability_theme Get a single capability theme (KSI) with full posture, multi-axis scores, band, and legacy posture_percentage. Read scf_get_capability_theme_evidence_posture Get per-theme evidence metrics: controls with evidence, file counts by assessment status, average relevance sc Read scf_get_capability_theme_scorecard Get the multi-axis KSI scorecard for every capability theme. Returns per-theme Implementation Coverage, Maturi Read scf_get_control Get a single SCF control by ID. Returns description, mapped frameworks, assessment objectives, and linked evid Read scf_get_control_assessment_composite Get the rolled-up assessment composite for one SCF control: composite score, status band, included/missing evi Read scf_get_current_user Get the authenticated caller Read scf_get_evidence_assessment Get the AI assessment for an evidence file: status, relevance score (0–100), structured findings, summary, and Read scf_get_evidence_assessment_summary Get aggregate AI assessment metrics for the organization dashboard: total assessed, counts by status, unassess Read scf_get_evidence_file Get metadata and a pre-signed download URL (15-min expiry) for a single evidence file. Use to inspect or retri Read scf_get_evidence_maturity Get the organization Read scf_get_evidence_validation Get the validation result for a single evidence file: status (valid/warning/partial/invalid), completeness sco Read scf_get_evidence_validation_summary Get aggregate evidence validation metrics for the organization dashboard: total files validated, counts by sta Read scf_get_notifications Get the caller Read scf_get_organization Get one organization Read scf_get_risk Get one risk assessment in detail: likelihood, inherent and residual impact scores, treatment plan, owner, and Read scf_get_risk_matrix Get the 5×5 risk matrix data for the organization — risk distribution across likelihood × impact, ready for vi Read scf_get_risk_summary Get the organization Read scf_get_scoped_control Get one scoped control in detail: owner, implementation notes, evidence links, and audit history. Identify by Read scf_get_scoping_stats Get the organization Read scf_get_vendor Get one vendor Read scf_get_vendor_research Get the latest vendor research result: breach history, known vulnerabilities, and security posture analysis. P Read scf_get_webhook Get one webhook endpoint Read scf_get_window_assessment Get one windowed AI assessment by ID. Returns full detail: window bounds, frequency, file IDs, coverage, expec Read scf_get_window_assessment_summary Get aggregate windowed-assessment metrics for the organization dashboard: total windows assessed, counts by st Read scf_get_work_queue Get the caller Read scf_list_assessment_objectives List SCF assessment objectives — the 5,736 test criteria used to evaluate control implementation. Optionally f Read scf_list_capabilities List an organization Read scf_list_capability_theme_controls List SCF controls mapped to a capability theme (KSI), with scoping status, implementation status, and maturity Read scf_list_capability_themes List an organization Read scf_list_control_assessment_composites List rolled-up assessment composites for the org. Cursor-paginated, worst-band first (insufficient → sufficien Read scf_list_controls List SCF security controls from the reference catalog. Returns paginated controls with SCF ID, title, descript Read scf_list_custom_risk_controls List controls linked to a custom risk. Returns Read scf_list_custom_risks List the organization Read scf_list_domains List every compliance domain in the SCF taxonomy. Domains group related controls (e.g., GOV = Governance, AST Read scf_list_evidence List evidence items tracked against an organization Read scf_list_evidence_catalog List evidence items from the SCF reference catalog — the 272 standard evidence types that can be collected to Read scf_list_evidence_files List all files uploaded or ingested for an evidence item. Returns filename, content type, upload timestamp, va Read scf_list_evidence_tasks List evidence collection tasks — the work queue showing what needs to be collected, by whom, and by when. Opti Read scf_list_frameworks List every compliance framework mapped in the SCF catalog (NIST 800-53, ISO 27001, SOC 2, FedRAMP, GDPR, and 3 Read scf_list_members List members of one organization with their role (admin, editor, or viewer). Read scf_list_organizations List every organization the caller has access to. Returns org UUID, name, subscription tier, and member count. Read scf_list_risks List risk assessments in the organization Read scf_list_scoped_controls List controls scoped to the organization with implementation status. Filter by scope status, domain, framework Read scf_list_systems List the organization Read scf_list_vendors List third-party vendors in the organization Read scf_list_webhook_deliveries List delivery logs for a webhook endpoint (newest first). Each entry shows signature validation result, proces Read scf_list_webhooks List the organization Read scf_list_window_assessments List recent windowed AI assessments for an evidence item (newest first). Each entry includes window bounds, fr

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Scf

Can an AI agent delete data through the Scf MCP server? +

Yes. The Scf server exposes 3 destructive tools including scf_delete_custom_risk, scf_delete_webhook, scf_remove_custom_risk_control. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Scf? +

The Scf server has 17 write tools including scf_add_custom_risk_control, scf_batch_update_controls, scf_bulk_assess_windows. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Scf.

How many tools does the Scf MCP server expose? +

74 tools across 4 categories: Destructive, Execute, Read, Write. 49 are read-only. 25 can modify, create, or delete data.

How do I enforce a policy on Scf? +

Register the Scf MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Scf tool call.

Deterministic rules across all 74 Scf tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

74 Scf tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.