// SCAN REPORT

SmartBear MCP

147 tools. 56 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated:

56 can modify or destroy data
91 read-only
147 tools total
// TOOL MAP
Read (91) Write / Execute (51) Destructive / Financial (5)
// WHAT CAN GO WRONG

Destructive tools (collaborator_delete_collaborator_remote_system_configuration, reflect_cancel_suite_execution, reflect_delete_previous_step) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (bugsnag_set_network_endpoint_groupings, bugsnag_update_error, collaborator_create_collaborator_remote_system_configuration) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (collaborator_reviewservice_action, contract-testing_can_i_deploy, qmetry_link_issues_to_testcase_run) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

One command. Full control.

Intercept sits between your agent and SmartBear MCP. Every tool call checked against your policy before it executes — so your agent can do its job without breaking things.

npx -y @policylayer/intercept scan -- npx -y @smartbear/mcp
Scans every tool. Generates a policy. Starts enforcing.
Works with Claude Code · Cursor · Claude Desktop · Windsurf · any MCP client
// RECOMMENDED RULES
Deny destructive operations
collaborator_delete_collaborator_remote_system_configuration:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
bugsnag_set_network_endpoint_groupings:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
bugsnag_get_build:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 147 SMARTBEAR MCP TOOLS
DESTRUCTIVE 5 tools
Destructive collaborator_delete_collaborator_remote_system_configuration Destructive reflect_cancel_suite_execution Destructive reflect_delete_previous_step Destructive swagger_delete_portal_product Destructive swagger_delete_table_of_contents
EXECUTE 5 tools
Execute collaborator_reviewservice_action Execute contract-testing_can_i_deploy Execute qmetry_link_issues_to_testcase_run Execute reflect_execute_suite Execute reflect_run_test
WRITE 46 tools
Write bugsnag_set_network_endpoint_groupings Write bugsnag_update_error Write collaborator_create_collaborator_remote_system_configuration Write collaborator_create_collaborator_review Write collaborator_edit_collaborator_remote_system_configuration Write collaborator_reject_collaborator_review Write collaborator_update_collaborator_remote_system_configuration_webhook Write contract-testing_generate_pact_tests Write qmetry_bulk_update_test_case_execution_status Write qmetry_create_cycle Write qmetry_create_defect_or_issue Write qmetry_create_release Write qmetry_create_test_case Write qmetry_create_test_suite Write qmetry_import_automation_test_results Write qmetry_set_qmetry_project_info Write qmetry_update_cycle Write qmetry_update_issue Write qmetry_update_test_case Write qmetry_update_test_suite Write reflect_add_prompt_step Write reflect_add_segment Write reflect_connect_to_session Write swagger_create_api_from_prompt Write swagger_create_or_update_api Write swagger_create_portal Write swagger_create_portal_product Write swagger_create_table_of_contents Write swagger_publish_portal_product Write swagger_update_document Write swagger_update_portal Write swagger_update_portal_product Write zephyr_create_folder Write zephyr_create_test_case Write zephyr_create_test_case_issue_link Write zephyr_create_test_case_steps Write zephyr_create_test_case_web_link Write zephyr_create_test_cycle Write zephyr_create_test_cycle_issue_link Write zephyr_create_test_cycle_web_link Write zephyr_create_test_execution Write zephyr_create_test_execution_issue_link Write zephyr_create_test_script Write zephyr_update_test_case Write zephyr_update_test_cycle Write zephyr_update_test_execution
READ 91 tools
Read bugsnag_get_build Read bugsnag_get_current_project Read bugsnag_get_error Read bugsnag_get_event Read bugsnag_get_event_details_from_dashboard_url Read bugsnag_get_network_endpoint_groupings Read bugsnag_get_release Read bugsnag_get_span_group Read bugsnag_get_trace Read bugsnag_list_project_errors Read bugsnag_list_project_event_filters Read bugsnag_list_projects Read bugsnag_list_releases Read bugsnag_list_span_groups Read bugsnag_list_spans Read bugsnag_list_trace_fields Read collaborator_find_collaborator_review_by_id Read collaborator_get_collaborator_reviews Read collaborator_test_collaborator_remote_system_configuration_connection Read contract-testing_check_pactflow_ai_entitlements Read contract-testing_get_metrics Read contract-testing_get_provider_states Read contract-testing_get_team_metrics Read contract-testing_matrix Read contract-testing_review_pact_tests Read qmetry_fetch_automation_status Read qmetry_fetch_builds Read qmetry_fetch_defects_or_issues Read qmetry_fetch_executions_by_test_suite Read qmetry_fetch_issues_linked_to_test_case Read qmetry_fetch_linked_issues_of_test_case_run Read qmetry_fetch_platforms Read qmetry_fetch_qmetry_list_projects Read qmetry_fetch_qmetry_project_info Read qmetry_fetch_releases_and_cycles Read qmetry_fetch_requirement_details Read qmetry_fetch_requirements Read qmetry_fetch_requirements_linked_to_test_case Read qmetry_fetch_test_case_details Read qmetry_fetch_test_case_executions Read qmetry_fetch_test_case_runs_by_test_suite_run Read qmetry_fetch_test_case_steps Read qmetry_fetch_test_case_version_details Read qmetry_fetch_test_cases Read qmetry_fetch_test_cases_linked_to_requirement Read qmetry_fetch_test_cases_linked_to_test_suite Read qmetry_fetch_test_suites Read qmetry_fetch_test_suites_for_test_case Read qmetry_link_platforms_to_test_suite Read qmetry_link_requirements_to_testcase Read qmetry_link_test_cases_to_test_suite Read qmetry_requirements_linked_test_cases_to_test_suite Read reflect_get_screenshot Read reflect_get_suite_execution_status Read reflect_get_test_status Read reflect_list_segments Read reflect_list_suite_executions Read reflect_list_suites Read reflect_list_tests Read swagger_get_api_definition Read swagger_get_document Read swagger_get_portal Read swagger_get_portal_product Read swagger_list_organizations Read swagger_list_portal_product_sections Read swagger_list_portal_products Read swagger_list_portals Read swagger_list_table_of_contents Read swagger_scan_api_standardization Read swagger_search_apis_and_domains Read swagger_standardize_api Read zephyr_get_environments Read zephyr_get_issue_link_test_cases Read zephyr_get_priorities Read zephyr_get_project Read zephyr_get_projects Read zephyr_get_statuses Read zephyr_get_test_case Read zephyr_get_test_case_links Read zephyr_get_test_case_steps Read zephyr_get_test_cases Read zephyr_get_test_cycle Read zephyr_get_test_cycle_links Read zephyr_get_test_cycles Read zephyr_get_test_cycles_linked_to_a_jira_issue Read zephyr_get_test_execution Read zephyr_get_test_execution_links Read zephyr_get_test_execution_steps Read zephyr_get_test_executions Read zephyr_get_test_executions_linked_to_a_jira_issue Read zephyr_get_test_script
// FAQ
Can an AI agent delete data through the SmartBear MCP MCP server? +

Yes. The SmartBear MCP server exposes 5 destructive tools including collaborator_delete_collaborator_remote_system_configuration, reflect_cancel_suite_execution, reflect_delete_previous_step. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through SmartBear MCP? +

The SmartBear MCP server has 46 write tools including bugsnag_set_network_endpoint_groupings, bugsnag_update_error, collaborator_create_collaborator_remote_system_configuration. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the SmartBear MCP MCP server expose? +

147 tools across 4 categories: Destructive, Execute, Read, Write. 91 are read-only. 56 can modify, create, or delete data.

How do I add Intercept to my SmartBear MCP setup? +

One line change. Instead of running the SmartBear MCP server directly, prefix it with Intercept: intercept -c smartbear-mcp.yaml -- npx -y @@smartbear/mcp. Download a pre-built policy from policylayer.com/policies/smartbear-mcp and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 310 tools
adminautomation
Aibtc 288 tools
adminautomation
Google Super 200 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Mcp Sitecore 153 tools
adminautomation
Slack 143 tools
adminautomation
Xdevplatform/xmcp 135 tools
adminautomation
policylayer/intercept

Control every MCP tool call
your agent makes.

Set budgets, approvals, and hard limits across MCP servers.

See what your agent can do
or control your agent now
npx -y @policylayer/intercept
Drop-in. No agent changes required.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.