Outpost

39 tools. 16 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

16 can modify or destroy data
23 read-only
39 tools total

Community server · catalogue entry verified 03/07/2026

How to control Outpost ↓

What Outpost exposes to your agents

Read (23) Write / Execute (12) Destructive / Financial (4)
Critical Risk

The most dangerous Outpost tools

16 of Outpost's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Outpost

PolicyLayer is an MCP gateway — it sits between your AI agents and Outpost, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cal_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "cal_add": {
    "limits": [
      {
        "counter": "cal_add_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "auth_status": {
    "limits": [
      {
        "counter": "auth_status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Outpost — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON OUTPOST →

Instant setup, no code required.

All 39 Outpost tools

READ 23 tools
Read auth_status Check if the user is authenticated with Microsoft. Read cal_list List calendar events from Outlook. Read cal_next Get the next upcoming calendar event(s) from Outlook. Read cal_today Get today's calendar events from Outlook. Read contact_list List contacts from Outlook. Read contact_search Search contacts in Outlook by name or email. Read mail_attachments List attachments for an email message. Read mail_download_attachment Download an email attachment. Returns filename and base64-encoded content. Read mail_list List email messages from Outlook. Read mail_read Read a specific email message from Outlook. Read mail_search Search email messages across all folders in Outlook. Read task_list List tasks from Microsoft To Do. Read task_lists List all task lists in Microsoft To Do. Read teams_channels List channels in a Microsoft Team. Read teams_chat_messages Read messages from a Teams chat (1:1 or group). Read teams_chats List your recent Teams chats (1:1, group, and meeting). Requires the Teams feature. Read teams_download teams_download Read teams_files List files in a Teams channel's SharePoint folder. Read teams_list List your joined Microsoft Teams. Requires the Teams feature to be enabled in outpost setup. Read teams_messages Read messages from a Teams channel. Read teams_workspace_extract teams_workspace_extract Read teams_workspace_list List files currently in the transient workspace directory. Read teams_workspace_read Read a text file from the workspace directory.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Outpost

Can an AI agent delete data through the Outpost MCP server? +

Yes. The Outpost server exposes 4 destructive tools including cal_delete, mail_delete, task_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Outpost? +

The Outpost server has 12 write tools including cal_add, cal_update, mail_reply. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Outpost.

How many tools does the Outpost MCP server expose? +

39 tools across 3 categories: Destructive, Read, Write. 23 are read-only. 16 can modify, create, or delete data.

How do I enforce a policy on Outpost? +

Register the Outpost MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Outpost tool call.

Deterministic rules across all 39 Outpost tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

39 Outpost tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.