Stepsecurity

30 tools. 3 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.


3 can modify or destroy data
27 read-only
30 tools total

Community server · catalogue entry verified 29/06/2026


What Stepsecurity exposes to your agents

Read (27) · Write / Execute (2) · Destructive / Financial (1)
Risk rating: Critical

The most dangerous Stepsecurity tools

3 of Stepsecurity's 30 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Stepsecurity

PolicyLayer is an MCP gateway — it sits between your AI agents and Stepsecurity, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_suppression_rule": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_suppression_rule": {
    "limits": [
      {
        "counter": "create_suppression_rule_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "analyze_anomalous_calls_by_process": {
    "limits": [
      {
        "counter": "analyze_anomalous_calls_by_process_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.
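To make the three rule shapes concrete, here is an added Python model of how a gateway evaluates them over a stream of tool calls: an unconditional deny_if, and per-grant windowed counters for a write tool and a read tool. This is illustrative code written for this page, not PolicyLayer's implementation. The sliding-window counting, the meaning of "scope": "grant", the condition shape ({"arg", "equals"}), and allowing tools that have no rule are all assumptions, and the traffic it runs over is constructed to show an agent stuck in a loop.

```python
# Added example: a minimal model of an MCP gateway evaluating the three
# starter rules above. Not PolicyLayer's code; window semantics, "grant"
# scoping, the condition shape and default-allow are assumptions.
import json
from collections import defaultdict

# The three starter rules from this page, combined into one policy object.
POLICY = json.loads("""
{
  "delete_suppression_rule": {
    "deny_if": [{"conditions": [], "on_deny": "Blocked by default. Requires approval."}]
  },
  "create_suppression_rule": {
    "limits": [{"counter": "create_suppression_rule_per_hour",
                "window": "hour", "max": 30, "scope": "grant"}]
  },
  "analyze_anomalous_calls_by_process": {
    "limits": [{"counter": "analyze_anomalous_calls_by_process_per_minute",
                "window": "minute", "max": 60, "scope": "grant"}]
  }
}
""")

WINDOW_SECONDS = {"minute": 60, "hour": 3600, "day": 86400}


class Gateway:
    """Evaluates a tool call against the policy before it would reach the upstream server."""

    def __init__(self, policy, default_allow=True):
        self.policy = policy
        self.default_allow = default_allow
        # (scope key, counter name) -> timestamps of allowed calls still inside the window
        self._hits = defaultdict(list)

    def evaluate(self, grant, tool, args, now):
        rules = self.policy.get(tool)
        if rules is None:
            # Assumption: tools without a rule pass; a stricter deployment flips default_allow.
            return ("allow", None) if self.default_allow else ("deny", "no rule for tool")
        for rule in rules.get("deny_if", []):
            conds = rule.get("conditions", [])
            # all([]) is True, so an empty condition list is an unconditional deny
            # (the page's destructive-tool rule).
            if all(self._matches(c, args) for c in conds):
                return ("deny", rule.get("on_deny", "denied"))
        pending = []
        for lim in rules.get("limits", []):
            scope = grant if lim.get("scope") == "grant" else "*"
            hits = self._hits[(scope, lim["counter"])]
            window = WINDOW_SECONDS[lim["window"]]
            hits[:] = [t for t in hits if now - t < window]  # sliding window (assumption)
            if len(hits) >= lim["max"]:
                return ("deny", f"{lim['counter']}: {lim['max']} per {lim['window']} exceeded")
            pending.append(hits)
        for hits in pending:  # only count the call once every limit has passed
            hits.append(now)
        return ("allow", None)

    @staticmethod
    def _matches(cond, args):
        # Hypothetical condition shape {"arg": "...", "equals": ...}; not a real schema.
        return args.get(cond.get("arg")) == cond.get("equals")


def run_scenario():
    """Constructed traffic: a looping agent, a delete attempt, and reads from two grants."""
    gw = Gateway(POLICY)
    tally = defaultdict(int)

    def call(now, grant, tool, args=None):
        verdict, _reason = gw.evaluate(grant, tool, args or {}, now)
        tally[(tool, verdict)] += 1
        return verdict

    # 35 creates in six minutes from one grant: 30 pass, the loop's last 5 are cut off.
    for i in range(35):
        call(10 * i, "agent-ci", "create_suppression_rule", {"detection": "anomalous_call"})
    # A delete is denied regardless of its arguments.
    call(400, "agent-ci", "delete_suppression_rule", {"id": "rule-1"})
    # An hour later the oldest creates have aged out of the window, so one more is allowed.
    call(3700, "agent-ci", "create_suppression_rule", {"detection": "anomalous_call"})
    # 65 reads in 33 seconds from agent-a: 60 allowed, 5 denied; agent-b has its own counter.
    for i in range(65):
        call(5000 + 0.5 * i, "agent-a", "analyze_anomalous_calls_by_process")
    call(5032.0, "agent-b", "analyze_anomalous_calls_by_process")
    return dict(tally)


if __name__ == "__main__":
    for (tool, verdict), n in sorted(run_scenario().items()):
        print(f"{tool:40} {verdict:5} {n}")
```

Counters are recorded only after every limit on the call has passed, so a call denied by one limit does not burn quota on another. Running the scenario shows the limit cutting the loop at exactly 30 creates, the delete never reaching the server, and the per-grant read cap leaving a second grant untouched.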

  1. Create a free account and register Stepsecurity — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Instant setup, no code required.

All 30 Stepsecurity tools

READ 27 tools (catalogue descriptions are truncated)

analyze_anomalous_calls_by_process: Group tenant-wide anomalous network-call detections by the calling process. Goal: spot VPN / mesh-networking d
check_ioc_in_baseline: Search the Harden-Runner org baseline for a domain or IP indicator of compromise. Uses the server-side
check_npm_package_exposure: Org-wide (CI-side)
check_npm_package_on_dev_machines: Developer-machine
check_pypi_package_exposure: Org-wide (CI-side)
check_python_package_on_dev_machines: Developer-machine
describe_capabilities: Describe what this MCP server can do and how to use it. Call this when the user asks
find_endpoint_calls_in_tenant: Find every workflow-run observation of a given network endpoint across EVERY GitHub org installed under the te
find_repos_using_endpoint: Find every repo in an org whose Harden-Runner baseline contains a given network endpoint (domain or IP, substr
get_my_tenant: Return the StepSecurity customer/tenant identifier configured on this MCP server, along with a link to the ten
get_suppression_rule: Get one suppression rule by id. Read-only.
get_threat_incident: Get full details of one threat-center incident — including the
list_anomalous_network_calls: List anomalous outbound network-call detections across the tenant (all orgs installed under the customer).
list_blocked_domain_calls: List detections where Harden-Runner actively BLOCKED an outbound network call (egress-policy enforcement). Dif
list_detections: List Harden-Runner detections for an organization, filtered by detection type and status. Common detection IDs
list_github_api_calls_in_run: List every HTTPS call to github.com or api.github.com made by jobs in a specific workflow run. Useful for audi
list_https_outbound_calls: List HTTPS outbound network-call detections (TLS-intercepted calls with method + path). Useful when you need t
list_imposter_commit_detections: List detections where a GitHub Action is pinned to a commit SHA that doesn
list_recent_workflow_runs: List the 100 most recent Harden-Runner-monitored workflow runs for a GitHub organization, optionally narrowed
list_secrets_in_build_log: List detections where a secret (API key, private key, token, etc.) was detected in a CI build log. The API ret
list_suppression_rules: List all suppression (detection) rules configured for the tenant. Use this before creating a new rule to check
list_suspicious_process_events: List suspicious-process-event detections across the tenant. This is a virtual detection ID that aggregates thr
list_tenant_github_orgs: List every GitHub organization installed under a StepSecurity tenant. Call this first when a user asks for a t
list_threat_incidents: List supply-chain threat-center incidents tracked by StepSecurity for a GitHub organization. ALWAYS call this
ping: Returns
preview_suppression_rule: APPROXIMATE client-side preview of what creating a suppression rule would do. Fetches recent detections of the
search_action_usage: Find which workflows across the organization use a given GitHub Action. Useful for responding to a compromised

WRITE 2 tools

create_suppression_rule
update_suppression_rule

DESTRUCTIVE 1 tool

delete_suppression_rule


Questions about Stepsecurity

Can an AI agent delete data through the Stepsecurity MCP server?

Yes. The Stepsecurity server exposes one destructive tool, delete_suppression_rule, which permanently removes the resource with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Stepsecurity?

The Stepsecurity server has 2 write tools: create_suppression_rule and update_suppression_rule. Set a rate limit in your policy; for example, a cap of 10 calls per hour means an agent caught in a loop can make at most 10 modifications before the gateway starts denying (the starter rule above uses 30). PolicyLayer enforces this at the gateway, before calls reach Stepsecurity.

How many tools does the Stepsecurity MCP server expose?

30 tools across 3 categories: Destructive, Read, Write. 27 are read-only. 3 can create, modify, or delete data.

How do I enforce a policy on Stepsecurity?

Register the Stepsecurity MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Stepsecurity tool call.

Deterministic rules across all 30 Stepsecurity tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.


30 Stepsecurity tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
