// SCAN REPORT

SmartBear MCP

243 tools. 98 can modify or destroy data without limits.

19 destructive tools with no built-in limits. Policy required.

Last updated:

98 can modify or destroy data
145 read-only
243 tools total
// TOOL MAP
Read (145) Write / Execute (79) Destructive / Financial (19)
// WHAT CAN GO WRONG

Destructive tools (collaborator_delete_collaborator_remote_system_configuration, contract-testing_admin_delete_role, contract-testing_admin_delete_team) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (bugsnag_set_network_endpoint_groupings, bugsnag_update_error, collaborator_create_collaborator_remote_system_configuration) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (collaborator_reviewservice_action, contract-testing_can_i_deploy, contract-testing_execute_webhook) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES
Deny destructive operations
collaborator_delete_collaborator_remote_system_configuration:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
bugsnag_set_network_endpoint_groupings:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
bugsnag_get_build:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 243 SMARTBEAR MCP TOOLS
DESTRUCTIVE 19 tools
Destructive collaborator_delete_collaborator_remote_system_configuration Destructive contract-testing_admin_delete_role Destructive contract-testing_admin_delete_team Destructive contract-testing_admin_delete_user Destructive contract-testing_admin_remove_role_from_user Destructive contract-testing_admin_remove_user_from_team Destructive contract-testing_admin_reset_roles Destructive contract-testing_delete_all_integrations Destructive contract-testing_delete_branch Destructive contract-testing_delete_environment Destructive contract-testing_delete_integration Destructive contract-testing_delete_pacticipant Destructive contract-testing_delete_secret Destructive contract-testing_delete_webhook Destructive contract-testing_remove_label_from_pacticipant Destructive reflect_cancel_suite_execution Destructive reflect_delete_previous_step Destructive swagger_delete_portal_product Destructive swagger_delete_table_of_contents
EXECUTE 6 tools
Execute collaborator_reviewservice_action Execute contract-testing_can_i_deploy Execute contract-testing_execute_webhook Execute qmetry_link_issues_to_testcase_run Execute reflect_execute_suite Execute reflect_run_test
WRITE 73 tools
Write bugsnag_set_network_endpoint_groupings Write bugsnag_update_error Write collaborator_create_collaborator_remote_system_configuration Write collaborator_create_collaborator_review Write collaborator_edit_collaborator_remote_system_configuration Write collaborator_reject_collaborator_review Write collaborator_update_collaborator_remote_system_configuration_webhook Write contract-testing_add_label_to_pacticipant Write contract-testing_admin_add_role_to_user Write contract-testing_admin_create_role Write contract-testing_admin_create_system_account Write contract-testing_admin_create_team Write contract-testing_admin_create_user Write contract-testing_admin_invite_users Write contract-testing_admin_patch_team_users Write contract-testing_admin_set_team_users Write contract-testing_admin_set_user_roles Write contract-testing_admin_update_role Write contract-testing_admin_update_team Write contract-testing_admin_update_user Write contract-testing_create_environment Write contract-testing_create_pacticipant Write contract-testing_create_secret Write contract-testing_create_webhook Write contract-testing_generate_pact_tests Write contract-testing_patch_pacticipant Write contract-testing_publish_consumer_contracts Write contract-testing_publish_provider_contract Write contract-testing_update_environment Write contract-testing_update_pacticipant Write contract-testing_update_pacticipant_version Write contract-testing_update_secret Write contract-testing_update_webhook Write qmetry_bulk_update_test_case_execution_status Write qmetry_create_cycle Write qmetry_create_defect_or_issue Write qmetry_create_release Write qmetry_create_test_case Write qmetry_create_test_suite Write qmetry_import_automation_test_results Write qmetry_set_qmetry_project_info Write qmetry_update_cycle Write qmetry_update_issue Write qmetry_update_test_case Write qmetry_update_test_suite Write reflect_add_prompt_step Write reflect_add_segment Write reflect_connect_to_session Write swagger_create_api_from_prompt Write swagger_create_or_update_api Write swagger_create_portal Write swagger_create_portal_product Write swagger_create_table_of_contents Write swagger_publish_portal_product Write swagger_standardize_api Write swagger_update_document Write swagger_update_portal Write swagger_update_portal_product Write zephyr_create_folder Write zephyr_create_test_case Write zephyr_create_test_case_issue_link Write zephyr_create_test_case_steps Write zephyr_create_test_case_web_link Write zephyr_create_test_cycle Write zephyr_create_test_cycle_issue_link Write zephyr_create_test_cycle_web_link Write zephyr_create_test_execution Write zephyr_create_test_execution_issue_link Write zephyr_create_test_script Write zephyr_update_test_case Write zephyr_update_test_cycle Write zephyr_update_test_execution Write zephyr_update_test_execution_steps
READ 145 tools
Read bugsnag_get_build Read bugsnag_get_current_project Read bugsnag_get_error Read bugsnag_get_event Read bugsnag_get_event_details_from_dashboard_url Read bugsnag_get_events_on_an_error Read bugsnag_get_network_endpoint_groupings Read bugsnag_get_release Read bugsnag_get_span_group Read bugsnag_get_trace Read bugsnag_list_project_errors Read bugsnag_list_project_event_filters Read bugsnag_list_projects Read bugsnag_list_releases Read bugsnag_list_span_groups Read bugsnag_list_spans Read bugsnag_list_trace_fields Read collaborator_find_collaborator_review_by_id Read collaborator_get_collaborator_reviews Read collaborator_test_collaborator_remote_system_configuration_connection Read contract-testing_admin_get_role Read contract-testing_admin_get_system_account_tokens Read contract-testing_admin_get_team Read contract-testing_admin_get_team_user Read contract-testing_admin_get_user Read contract-testing_admin_list_permissions Read contract-testing_admin_list_roles Read contract-testing_admin_list_team_users Read contract-testing_admin_list_teams Read contract-testing_admin_list_users Read contract-testing_check_pactflow_ai_entitlements Read contract-testing_get_audit_log Read contract-testing_get_bdct_consumer_contract_by_consumer_version Read contract-testing_get_bdct_consumer_contract_verification_results Read contract-testing_get_bdct_consumer_contract_verification_results_by_consumer_version Read contract-testing_get_bdct_consumer_contracts Read contract-testing_get_bdct_cross-contract_verification_results Read contract-testing_get_bdct_cross-contract_verification_results_by_consumer_version Read contract-testing_get_bdct_provider_contract Read contract-testing_get_bdct_provider_contract_by_consumer_version Read contract-testing_get_bdct_provider_contract_verification_results Read contract-testing_get_bdct_provider_contract_verification_results_by_consumer_version Read contract-testing_get_branch Read contract-testing_get_branch_versions Read contract-testing_get_current_user Read contract-testing_get_currently_deployed_versions Read contract-testing_get_currently_supported_versions Read contract-testing_get_deployed_versions_for_version Read contract-testing_get_environment Read contract-testing_get_integrations_by_team Read contract-testing_get_latest_pacticipant_version Read contract-testing_get_metrics Read contract-testing_get_pacticipant Read contract-testing_get_pacticipant_label Read contract-testing_get_pacticipant_network Read contract-testing_get_pacticipant_version Read contract-testing_get_pacts_for_verification Read contract-testing_get_provider_states Read contract-testing_get_released_versions_for_version Read contract-testing_get_secret Read contract-testing_get_system_preferences Read contract-testing_get_team_metrics Read contract-testing_get_user_preferences Read contract-testing_get_webhook Read contract-testing_list_api_tokens Read contract-testing_list_branches Read contract-testing_list_environments Read contract-testing_list_integrations Read contract-testing_list_labels Read contract-testing_list_pacticipant_versions Read contract-testing_list_pacticipants Read contract-testing_list_pacticipants_by_label Read contract-testing_list_secrets Read contract-testing_list_webhooks Read contract-testing_matrix Read contract-testing_record_deployment Read contract-testing_record_release Read contract-testing_regenerate_api_token Read contract-testing_review_pact_tests Read contract-testing_test_execute_webhooks Read qmetry_fetch_automation_status Read qmetry_fetch_builds Read qmetry_fetch_defects_or_issues Read qmetry_fetch_executions_by_test_suite Read qmetry_fetch_issues_linked_to_test_case Read qmetry_fetch_linked_issues_of_test_case_run Read qmetry_fetch_platforms Read qmetry_fetch_qmetry_list_projects Read qmetry_fetch_qmetry_project_info Read qmetry_fetch_releases_and_cycles Read qmetry_fetch_requirement_details Read qmetry_fetch_requirements Read qmetry_fetch_requirements_linked_to_test_case Read qmetry_fetch_test_case_details Read qmetry_fetch_test_case_executions Read qmetry_fetch_test_case_runs_by_test_suite_run Read qmetry_fetch_test_case_steps Read qmetry_fetch_test_case_version_details Read qmetry_fetch_test_cases Read qmetry_fetch_test_cases_linked_to_requirement Read qmetry_fetch_test_cases_linked_to_test_suite Read qmetry_fetch_test_suites Read qmetry_fetch_test_suites_for_test_case Read qmetry_link_platforms_to_test_suite Read qmetry_link_requirements_to_testcase Read qmetry_link_test_cases_to_test_suite Read qmetry_requirements_linked_test_cases_to_test_suite Read reflect_get_screenshot Read reflect_get_suite_execution_status Read reflect_get_test_status Read reflect_list_segments Read reflect_list_suite_executions Read reflect_list_suites Read reflect_list_tests Read swagger_get_api_definition Read swagger_get_document Read swagger_get_portal Read swagger_get_portal_product Read swagger_list_organizations Read swagger_list_portal_product_sections Read swagger_list_portal_products Read swagger_list_portals Read swagger_list_table_of_contents Read swagger_scan_api_standardization Read swagger_search_apis_and_domains Read zephyr_get_environments Read zephyr_get_issue_link_test_cases Read zephyr_get_priorities Read zephyr_get_project Read zephyr_get_projects Read zephyr_get_statuses Read zephyr_get_test_case Read zephyr_get_test_case_links Read zephyr_get_test_case_steps Read zephyr_get_test_cases Read zephyr_get_test_cycle Read zephyr_get_test_cycle_links Read zephyr_get_test_cycles Read zephyr_get_test_cycles_linked_to_a_jira_issue Read zephyr_get_test_execution Read zephyr_get_test_execution_links Read zephyr_get_test_execution_steps Read zephyr_get_test_executions Read zephyr_get_test_executions_linked_to_a_jira_issue Read zephyr_get_test_script
// FAQ
Can an AI agent delete data through the SmartBear MCP MCP server? +

Yes. The SmartBear MCP server exposes 19 destructive tools including collaborator_delete_collaborator_remote_system_configuration, contract-testing_admin_delete_role, contract-testing_admin_delete_team. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through SmartBear MCP? +

The SmartBear MCP server has 73 write tools including bugsnag_set_network_endpoint_groupings, bugsnag_update_error, collaborator_create_collaborator_remote_system_configuration. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the SmartBear MCP MCP server expose? +

243 tools across 4 categories: Destructive, Execute, Read, Write. 145 are read-only. 98 can modify, create, or delete data.

How do I add Intercept to my SmartBear MCP setup? +

One line change. Instead of running the SmartBear MCP server directly, prefix it with Intercept: intercept -c smartbear-mcp.yaml -- npx -y @@smartbear/mcp. Download a pre-built policy from policylayer.com/policies/smartbear-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 314 tools
adminautomation
Aibtc 308 tools
adminautomation
Google Super 200 tools
adminautomation
Arcane 180 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Opencut Controller 161 tools
adminautomation
Apiosk 160 tools
adminautomation

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.