// SCAN REPORT

Forgejo

103 tools. 48 can modify or destroy data without limits.

9 destructive tools with no built-in limits. Policy required.

Last updated:

48 can modify or destroy data
55 read-only
103 tools total

Community server · catalogue entry verified 12/06/2026

How to control Forgejo ↓

TOOL MAP

What Forgejo exposes to your agents

Read (55) Write / Execute (39) Destructive / Financial (9)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Forgejo tools

Destructive · Critical admin_delete_user Deleting a user account is an irreversible destructive action that permanently removes user data and access. Destructive · High delete_branch Deleting a branch is a destructive operation that cannot be undone. Destructive · High delete_file Deleting a file from a repository is an irreversible action that cannot be undone without access to version history recovery mechanisms. Destructive · High delete_issue_comment The tool permanently deletes issue comments, which cannot be undone.

48 of Forgejo's 103 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Forgejo

PolicyLayer is an MCP gateway — it sits between your AI agents and Forgejo, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "admin_delete_user": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "remove_issue_label": {
    "limits": [
      {
        "counter": "remove_issue_label_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "admin_list_cron_jobs": {
    "limits": [
      {
        "counter": "admin_list_cron_jobs_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Forgejo — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON FORGEJO →

Free to start. No card required.

FULL CATALOGUE

All 103 Forgejo tools

DESTRUCTIVE 9 tools
Destructive admin_delete_user Delete a user (requires admin privileges) Destructive delete_branch Delete a branch from a repository Destructive delete_file Delete a file from a repository Destructive delete_issue_comment Delete a comment on an issue Destructive delete_label Delete a label from a repository Destructive delete_milestone Delete a milestone from a repository Destructive delete_org Delete an organization Destructive delete_repo Delete a repository by owner and name Destructive remove_team_member Remove a member from a team
EXECUTE 4 tools
Execute admin_run_cron_job Run a cron task by name (requires admin privileges) Execute render_markdown Render markdown text to HTML Execute render_markup Render markup text to HTML Execute update_pr_branch Update a pull request branch by rebasing on the base branch
WRITE 35 tools
Write remove_issue_label Remove a label from an issue Write transfer_repo Transfer a repository to a new owner Write fork_repo Fork a repository Write request_pr_review Request review from users on a pull request Write star_repo Star a repository for the authenticated user Write unstar_repo Unstar a repository for the authenticated user Write add_collaborator Add a collaborator to a repository Write add_issue_labels Add labels to an issue Write add_team_member Add a member to a team Write admin_create_user Create a new user (requires admin privileges) Write admin_edit_user Edit an existing user (requires admin privileges) Write create_branch Create a new branch in a repository Write create_file Create a new file in a repository Write create_issue Create a new issue in a repository Write create_issue_comment Add a comment to an issue Write create_label Create a label in a repository Write create_milestone Create a milestone in a repository Write create_org Create a new organization Write create_org_repo Create a new repository in an organization Write create_pr_review Create a review on a pull request Write create_pull_request Create a new pull request Write create_release Create a new release for a repository Write create_repo Create a new repository for the authenticated user Write create_team Create a new team in an organization Write edit_issue Edit an existing issue Write edit_issue_comment Edit a comment on an issue Write edit_label Edit an existing label Write edit_milestone Edit an existing milestone Write edit_org Edit an organization Write edit_pull_request Update an existing pull request Write edit_repo Edit a repository Write mark_notifications_read Mark all notifications as read for the authenticated user Write merge_pull_request Merge a pull request Write update_file Update an existing file in a repository Write update_repo_topics Set the topics for a repository (replaces all existing topics)
READ 55 tools
Read admin_list_cron_jobs List all cron jobs (requires admin privileges) Read admin_list_hooks List system webhooks (requires admin privileges) Read admin_list_users List all users (requires admin privileges) Read get_authenticated_user Get the currently authenticated user Read get_branch Get details of a specific branch Read get_file_contents Get the contents of a file in a repository Read get_gitignore_template Get a specific gitignore template by name Read get_issue Get a single issue by index Read get_label Get a single label by ID Read get_label_template Get a specific label template by name Read get_license_template Get a specific license template by name Read get_milestone Get a single milestone by ID Read get_nodeinfo Get the Forgejo instance NodeInfo Read get_org Get details of an organization Read get_pr_diff Get the diff of a pull request Read get_pull_request Get details of a single pull request Read get_repo Get details of a repository by owner and name Read get_runner_registration_token Get a runner registration token (requires admin privileges) Read get_server_version Get the Forgejo server version Read get_team Get a team by its ID Read get_user Get a user Read list_action_runners_jobs List action runner jobs (requires admin privileges) Read list_branches List branches of a repository Read list_collaborators List collaborators of a repository Read list_followers List a user Read list_following List who a user is following Read list_forks List forks of a repository Read list_gitignore_templates List all available gitignore templates Read list_issue_comments List comments on an issue Read list_issues List issues for a repository Read list_label_templates List all available label templates Read list_labels List labels for a repository Read list_license_templates List all available license templates Read list_milestones List milestones for a repository Read list_my_notifications List notifications for the authenticated user Read list_my_starred List repositories starred by the authenticated user Read list_org_hooks List webhooks for an organization Read list_org_labels List labels for an organization Read list_org_members List members of an organization Read list_org_repos List repositories belonging to an organization Read list_org_teams List teams in an organization Read list_orgs List all organizations on the Forgejo instance Read list_pr_commits List commits in a pull request Read list_pr_files List changed files in a pull request Read list_pr_reviews List reviews on a pull request Read list_pull_requests List pull requests for a repository Read list_releases List releases of a repository Read list_repo_commits List commits in a repository Read list_repo_topics Get the list of topics for a repository Read list_tags List tags of a repository Read list_user_orgs List organizations a user belongs to Read list_user_repos List repositories owned by a user Read list_user_starred List repositories starred by a user Read search_repos Search for repositories on the Forgejo instance Read search_users Search for users on the Forgejo instance
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
paymentsadminautomation
Mcp Afip 1300 tools
paymentsadminautomation
Mcp Ap2 1300 tools
paymentsadminautomation
BNB Chain MCP 1240 tools
paymentsadminautomation
Binance MCP Server 734 tools
paymentsadminautomation
GoHighLevel MCP Server 566 tools
paymentsadminautomation
0nmcp 407 tools
paymentsadminautomation
GoHighLevel MCP Server 406 tools
paymentsadminautomation
FAQ

Questions about Forgejo

Can an AI agent delete data through the Forgejo MCP server? +

Yes. The Forgejo server exposes 9 destructive tools including admin_delete_user, delete_branch, delete_file. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Forgejo? +

The Forgejo server has 35 write tools including remove_issue_label, transfer_repo, fork_repo. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Forgejo.

How many tools does the Forgejo MCP server expose? +

103 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 55 are read-only. 48 can modify, create, or delete data.

How do I enforce a policy on Forgejo? +

Register the Forgejo MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Forgejo tool call.

Deterministic rules across all 103 Forgejo tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON FORGEJO →

Free to start. No card required.

103 Forgejo tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.