StealthSurf MCP Server

92 tools. 47 can modify or destroy data without limits.

17 destructive tools with no built-in limits. Policy required.

Last updated:

47 can modify or destroy data
45 read-only
92 tools total

Community server · catalogue entry verified 29/06/2026

How to control StealthSurf MCP Server ↓

What StealthSurf MCP Server exposes to your agents

Read (45) Write / Execute (30) Destructive / Financial (17)
Critical Risk

The most dangerous StealthSurf MCP Server tools

47 of StealthSurf MCP Server's 92 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control StealthSurf MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and StealthSurf MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "referral_withdraw_card": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "cloud_configs_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "cloud_configs_create": {
    "limits": [
      {
        "counter": "cloud_configs_create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "balance_calculate": {
    "limits": [
      {
        "counter": "balance_calculate_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register StealthSurf MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON STEALTHSURF →

Instant setup, no code required.

All 92 StealthSurf MCP Server tools

DESTRUCTIVE 15 tools
Destructive cloud_configs_delete Permanently delete a VPN config from a cloud server. The config Destructive cloud_proxies_change_title Change display title of a cloud server proxy. Set null to reset to default. Destructive cloud_proxies_delete Permanently delete a proxy from a cloud server. The proxy connection_url stops working immediately. Cannot be Destructive configs_delete_subconfig Delete the subconfig (HTTP/SOCKS5 proxy) from a VPN config. The main VPN config remains active — only the prox Destructive custom_subscriptions_delete Permanently delete a custom subscription. The subscription URL stops working. All items are removed but the un Destructive custom_subscriptions_delete_all_devices Remove all devices from a custom subscription. Returns deleted_count. Destructive custom_subscriptions_delete_device Remove a device from a custom subscription. Destructive custom_subscriptions_reset_key Regenerate the subscription URL key. The old URL stops working immediately. All VPN apps using this subscripti Destructive devices_delete Remove a specific device from the device list. The device will need to re-register on next VPN connection. Destructive devices_delete_all Remove all devices from the device list. All devices will need to re-register. Returns count of deleted device
WRITE 29 tools
Write cloud_configs_create Create a new VPN config on a cloud server. Unlike regular configs, cloud configs live on user Write cloud_configs_update_xray Update custom XRay configuration for a cloud server config. Requires extended settings enabled. XRay config de Write cloud_proxies_create Create an HTTP or SOCKS5 proxy on a cloud server. HTTP proxies work with browsers and most apps. SOCKS5 proxie Write cloud_servers_create_order Order a new dedicated cloud server (VPS). Requires location_id from locations_list. Server is provisioned auto Write configs_create Create a new VPN configuration. Requires location_id (from locations_list) and optionally protocol (default: v Write configs_create_subconfig Create an HTTP or SOCKS5 proxy subconfig for a VPN config. This adds an alternative connection method to the c Write configs_make_bridge Create a dual-hop VPN bridge between two configs for enhanced privacy. Traffic routes: User → first_config (en Write configs_update_settings Update VPN config settings: change protocol, location, server, and extended options. Location and protocol are Write configs_update_subconfig Change the protocol of an existing subconfig (HTTP ↔ SOCKS5). Regenerates the connection_url for the new proto Write configs_update_xray_config Update custom XRay configuration for a VPN config. Requires use_extended_settings to be enabled first via conf Write custom_subscriptions_create Create a custom subscription bundling 1-50 VPN configs into one subscription URL. Items can mix different type Write custom_subscriptions_set_device_blocked Block or unblock a device in a custom subscription. Write custom_subscriptions_update_device_settings Update device access settings for a custom subscription. These are independent from profile-level device setti Write custom_subscriptions_update_items Replace all items in a custom subscription (full update). Removes existing items and sets new ones. Use custom Write custom_subscriptions_update_title Rename a custom subscription. Write devices_set_blocked Block or unblock a specific device. Blocked devices cannot use VPN until unblocked. Useful for revoking access Write devices_update_settings Update device access settings. block_unknown_devices: when true, only apps sending x-hwid header can connect ( Write profile_connect_telegram Start Telegram bot connection. Returns a one-time code that the user must send to the StealthSurf Telegram bot Write profile_disconnect_telegram Disconnect Telegram bot from the user Write profile_update_notification_settings Update notification preferences. Controls when and whether the user receives renewal reminder emails. Set time Write xray_generate_keys Generate a new X25519 key pair for XRay Reality transport. Returns: privateKey and publicKey. Use the publicKe
READ 45 tools
Read balance_calculate Calculate prices for balance top-up across all payment methods. Input amount in RUB (1-15000), returns array o Read balance_topup Initiate balance top-up. Returns a payment link that the user must visit to complete payment. After successful Read cloud_configs_change_protocol Change the VPN protocol of a cloud server config. Regenerates connection_url for the new protocol. Available p Read cloud_configs_change_title Change display title of a cloud server config. Helps identify configs (e.g. Read cloud_configs_list List all VPN configs on a cloud server. Each cloud server can have multiple configs with different protocols. Read cloud_proxies_change_protocol Change protocol of a cloud server proxy (HTTP ↔ SOCKS5). Regenerates connection_url for the new protocol. Read cloud_proxies_list List all HTTP/SOCKS5 proxies on a cloud server. Proxies provide simple proxy access (not full VPN). Useful for Read cloud_servers_get_stats Get real-time statistics for a cloud server. Returns: host IP, status, uptime_days, cpu_model, and historical Read cloud_servers_list List all user cloud servers (dedicated VPS instances). Returns array with: id, location_id, status ( Read cloud_servers_renew Renew a cloud server subscription to extend expiration. Same parameters as create_order. If balance sufficient Read cloud_servers_toggle_auto_renewal Enable or disable auto-renewal for a cloud server. When enabled, renews from user balance before expiration. R Read configs_change_title Change the display title of a VPN config. Titles help users identify configs (e.g. Read configs_get_available_servers Get available VPN servers for a specific location and protocol. Returns servers with capacity info. Use locati Read configs_get_server_stats Get real-time server statistics for a VPN config Read configs_get_subconfig Get the subconfig (HTTP or SOCKS5 proxy) attached to a VPN config. Subconfigs provide an alternative connectio Read configs_get_tariffs Get available tariffs (pricing plans) for VPN config purchase and renewal. Returns tariffs grouped by payment Read configs_list List all user VPN configurations. Returns array of configs with: id, title, protocol, location_id, server_id, Read configs_renew Renew an existing VPN config subscription to extend its expiration. Get tariff options from configs_get_tariff Read configs_toggle_auto_renewal Enable or disable auto-renewal for a VPN config. When enabled, the subscription auto-renews from user balance Read custom_subscriptions_get Get detailed info for a custom subscription. Returns: id, title, subscription_key, items_count, and full items Read custom_subscriptions_get_available_items Get all items the user can add to custom subscriptions. Returns configs (regular + cloud server) and paid opti Read custom_subscriptions_get_device_settings Get device access settings for a custom subscription. Returns: block_unknown_devices, device_limit. Independen Read custom_subscriptions_get_devices Get devices connected to a custom subscription. Returns paginated list with: id, device_name, device_type (ios Read custom_subscriptions_list List user Read devices_get_settings Get device access settings. Returns: block_unknown_devices (block apps without hardware ID header), device_lim Read devices_list List user Read locations_list List all available VPN server locations. Returns array with: id, country, city, emoji flag, available protocol Read payments_history_list Get payment history. Returns array of transactions with: id, amount (RUB), type (new_config/renewal/topup/etc. Read profile_check_telegram Check if Telegram bot is connected to the user Read profile_get Get user profile information. Returns: id, email, balance (RUB), referral_balance (RUB), referrals_count, is_t Read profile_get_notification_settings Get notification preferences. Returns: renewal_reminders (boolean), notification_start_hour (0-23), notificati Read profile_get_notifications Get user notifications. Returns array of notifications with id and content (message text). These are system me Read profile_regenerate_subscription_link Regenerate the VPN subscription URL/key. The old subscription link stops working and a new one is issued. All Read promocodes_list Get user Read referral_get_data Get referral withdrawal history. Returns array of referral transactions with: amount, method (sbp/card), accou Read referral_get_sbp_banks Get list of banks supporting SBP (Fast Payment System) withdrawal. Returns array of banks with id and name. Us

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about StealthSurf MCP Server

Can an AI agent move money through the StealthSurf MCP Server MCP server? +

Yes. The StealthSurf MCP Server server exposes 2 financial tools including referral_withdraw_card, referral_withdraw_sbp. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the StealthSurf MCP Server MCP server? +

Yes. The StealthSurf MCP Server server exposes 15 destructive tools including cloud_configs_delete, cloud_proxies_change_title, cloud_proxies_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through StealthSurf MCP Server? +

The StealthSurf MCP Server server has 29 write tools including cloud_configs_create, cloud_configs_update_xray, cloud_proxies_create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach StealthSurf MCP Server.

How many tools does the StealthSurf MCP Server MCP server expose? +

92 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 45 are read-only. 47 can modify, create, or delete data.

How do I enforce a policy on StealthSurf MCP Server? +

Register the StealthSurf MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every StealthSurf MCP Server tool call.

Deterministic rules across all 92 StealthSurf MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

92 StealthSurf MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.