Scrumdo

93 tools. 47 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

47 can modify or destroy data
46 read-only
93 tools total

Community server · catalogue entry verified 03/07/2026

How to control Scrumdo ↓

What Scrumdo exposes to your agents

Read (46) Write / Execute (42) Destructive / Financial (4)
Critical Risk

The most dangerous Scrumdo tools

47 of Scrumdo's 93 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Scrumdo

PolicyLayer is an MCP gateway — it sits between your AI agents and Scrumdo, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_loop": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_attachment": {
    "limits": [
      {
        "counter": "add_attachment_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "accept_spec_proposal": {
    "limits": [
      {
        "counter": "accept_spec_proposal_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Scrumdo — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SCRUMDO →

Instant setup, no code required.

All 93 Scrumdo tools

WRITE 31 tools
Write add_attachment add_attachment Write add_card_label Add a single label to a card, preserving existing labels. Write add_comment add_comment Write archive_card Archive a card by moving it to the project's Archive iteration. Write assign_card Set the assignees on a card, replacing any current assignees. Write attach_evidence Attach durable proof artifacts (test output, screenshots, diffs, logs) Write complete_task Mark a task as complete. Write create_card create_card Write create_task Create a new task on a card. Write create_webhook create_webhook Write generate_spec_proposal generate_spec_proposal Write link_github_commit Attach a commit SHA to a card. Write link_github_issue Attach a GitHub Issue URL to a card. Write link_github_pr Attach a Pull Request URL to a card. Write log_activity log_activity Write log_time log_time Write move_card Move a card to a different column (cell) on the board. Write move_card_to_iteration Move a card into an iteration (sprint). Write patch_card_spec patch_card_spec Write reject_spec_proposal reject_spec_proposal Write remove_card_label Remove a single label from a card. Write reopen_task Reopen (un-complete) a task. Write request_spec_proposal_changes request_spec_proposal_changes Write revise_spec_proposal revise_spec_proposal Write set_card_field set_card_field Write set_card_fields set_card_fields Write set_card_spec set_card_spec Write unblock_card unblock_card Write update_card update_card Write update_loop_state Merge a patch into the loop's LoopState (append-or-set: list keys Write update_task update_task
READ 46 tools
Read accept_spec_proposal accept_spec_proposal Read block_card block_card Read card_schema card_schema Read find_card Find a card by its reference ID (e.g. 'ON-914'). Read find_member Find a member by name, username, or email. Read get_activity_log get_activity_log Read get_agent_identity get_agent_identity Read get_agent_run Fetch one AgentRun row by id. Read get_all_card_fields get_all_card_fields Read get_board Get a board (project) with its cells (columns), custom field definitions, Read get_board_cells List the columns (cells) of a board. Read get_card Get a card's full detail including all custom fields, task list, Read get_card_field get_card_field Read get_card_spec get_card_spec Read get_github_repos List GitHub repos connected to a project (or all org repos). Read get_loop_state Read a loop's durable cross-run memory (LoopState §2.12): Read get_loop_status get_loop_status Read get_spec_complexity Return the deterministic (no-LLM) complexity score + breakdown. Read get_spec_history get_spec_history Read get_velocity_forecast Predicted cycle-time band for a card at its current complexity. Read get_verification_status The loop's verification snapshot: last verdict, the card's qa_status, Read get_workspace_activity get_workspace_activity Read list_active_loops List active governed loops (optionally scoped to one card). Read list_agent_accounts List agent identities registered on the current organisation. Read list_agent_runs List AgentRuns scoped to the current org. Read list_blockers List all active (unresolved) blockers on a card. Read list_boards List all boards (projects) in the organisation. Read list_card_github_links List the PR / commit / issue links attached to a card. Read list_cards list_cards Read list_comments List all comments on a card, newest first. Read list_custom_fields list_custom_fields Read list_epics List all epics in the project. Read list_iterations List all iterations (sprints / milestones) in the project. Read list_labels list_labels Read list_members List members of the organisation or a specific project. Read list_milestones list_milestones Read list_skills List reusable Skill packs (governed Markdown context) available to Read list_spec_proposals List a card's active + recent spec proposals (newest first, capped Read list_tasks List all tasks (checklist items) on a card. Read list_time_entries List time entries, optionally filtered to a specific card. Read list_webhooks List all webhooks configured on the project. Read load_skill Load a Skill's approved content (Markdown + config) to inject into the Read report_agent_progress report_agent_progress Read search_by_field_value search_by_field_value Read search_cards search_cards Read verify_card verify_card

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Scrumdo

Can an AI agent delete data through the Scrumdo MCP server? +

Yes. The Scrumdo server exposes 4 destructive tools including cancel_loop, delete_comment, delete_task. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Scrumdo? +

The Scrumdo server has 31 write tools including add_attachment, add_card_label, add_comment. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Scrumdo.

How many tools does the Scrumdo MCP server expose? +

93 tools across 4 categories: Destructive, Execute, Read, Write. 46 are read-only. 47 can modify, create, or delete data.

How do I enforce a policy on Scrumdo? +

Register the Scrumdo MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Scrumdo tool call.

Deterministic rules across all 93 Scrumdo tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

93 Scrumdo tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.