// SCAN REPORT

Tailscale

89 tools. 47 can modify or destroy data without limits.

10 destructive tools with no built-in limits. Policy required.

Last updated:

47 can modify or destroy data
42 read-only
89 tools total
// TOOL MAP
Read (42) Write / Execute (37) Destructive / Financial (10)
// WHAT CAN GO WRONG

Destructive tools (tailscale_delete_device, tailscale_delete_device_invite, tailscale_delete_device_posture_attribute) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (tailscale_accept_device_invite, tailscale_approve_user, tailscale_batch_update_posture_attributes) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

// RECOMMENDED RULES
Deny destructive operations
tailscale_delete_device:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
tailscale_accept_device_invite:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
tailscale_authorize_device:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 89 TAILSCALE TOOLS
DESTRUCTIVE 10 tools
Destructive tailscale_delete_device Destructive tailscale_delete_device_invite Destructive tailscale_delete_device_posture_attribute Destructive tailscale_delete_key Destructive tailscale_delete_log_stream_config Destructive tailscale_delete_posture_integration Destructive tailscale_delete_service Destructive tailscale_delete_user Destructive tailscale_delete_user_invite Destructive tailscale_delete_webhook
WRITE 37 tools
Write tailscale_accept_device_invite Write tailscale_approve_user Write tailscale_batch_update_posture_attributes Write tailscale_create_aws_external_id Write tailscale_create_device_invite Write tailscale_create_key Write tailscale_create_posture_integration Write tailscale_create_user_invite Write tailscale_create_webhook Write tailscale_rename_device Write tailscale_resend_device_invite Write tailscale_resend_user_invite Write tailscale_restore_user Write tailscale_rotate_webhook_secret Write tailscale_set_contacts Write tailscale_set_device_ip Write tailscale_set_device_posture_attribute Write tailscale_set_device_routes Write tailscale_set_device_tags Write tailscale_set_devices_authorized Write tailscale_set_dns_configuration Write tailscale_set_dns_preferences Write tailscale_set_log_stream_config Write tailscale_set_nameservers Write tailscale_set_search_paths Write tailscale_set_service_device_approval Write tailscale_set_split_dns Write tailscale_suspend_user Write tailscale_update_acl Write tailscale_update_device_key Write tailscale_update_key Write tailscale_update_posture_integration Write tailscale_update_service Write tailscale_update_split_dns Write tailscale_update_tailnet_settings Write tailscale_update_user_role Write tailscale_update_webhook
READ 42 tools
Read tailscale_authorize_device Read tailscale_deauthorize_device Read tailscale_expire_device Read tailscale_get_acl Read tailscale_get_audit_log Read tailscale_get_contacts Read tailscale_get_device Read tailscale_get_device_invite Read tailscale_get_device_posture_attributes Read tailscale_get_device_routes Read tailscale_get_dns_configuration Read tailscale_get_dns_preferences Read tailscale_get_key Read tailscale_get_log_stream_config Read tailscale_get_log_stream_status Read tailscale_get_nameservers Read tailscale_get_network_flow_logs Read tailscale_get_posture_integration Read tailscale_get_search_paths Read tailscale_get_service Read tailscale_get_service_device_approval Read tailscale_get_split_dns Read tailscale_get_tailnet_settings Read tailscale_get_user Read tailscale_get_user_invite Read tailscale_get_webhook Read tailscale_list_device_invites Read tailscale_list_devices Read tailscale_list_keys Read tailscale_list_log_stream_configs Read tailscale_list_posture_integrations Read tailscale_list_service_hosts Read tailscale_list_services Read tailscale_list_user_invites Read tailscale_list_users Read tailscale_list_webhooks Read tailscale_preview_acl Read tailscale_resend_contact_verification Read tailscale_status Read tailscale_test_webhook Read tailscale_validate_acl Read tailscale_validate_aws_trust_policy
// FAQ
Can an AI agent delete data through the Tailscale MCP server? +

Yes. The Tailscale server exposes 10 destructive tools including tailscale_delete_device, tailscale_delete_device_invite, tailscale_delete_device_posture_attribute. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Tailscale? +

The Tailscale server has 37 write tools including tailscale_accept_device_invite, tailscale_approve_user, tailscale_batch_update_posture_attributes. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Tailscale MCP server expose? +

89 tools across 3 categories: Destructive, Read, Write. 42 are read-only. 47 can modify, create, or delete data.

How do I add Intercept to my Tailscale setup? +

One line change. Instead of running the Tailscale server directly, prefix it with Intercept: intercept -c tailscale.yaml -- npx -y @@yawlabs/tailscale-mcp. Download a pre-built policy from policylayer.com/policies/tailscale and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

AdButler 622 tools
admin
Mcp Api 314 tools
admin
Aibtc 308 tools
admin
SmartBear MCP 243 tools
admin
Google Super 200 tools
admin
Trello 200 tools
admin
Arcane 180 tools
admin
Propresenter 177 tools
admin

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.