Mcp

51 tools. 25 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

25 can modify or destroy data
26 read-only
51 tools total

Community server · catalogue entry verified 03/07/2026

How to control Mcp ↓

What Mcp exposes to your agents

Read (26) Write / Execute (24) Destructive / Financial (1)
Critical Risk

The most dangerous Mcp tools

25 of Mcp's 51 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mcp

PolicyLayer is an MCP gateway — it sits between your AI agents and Mcp, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "auth_logout": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "auth_login": {
    "limits": [
      {
        "counter": "auth_login_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "auth_status": {
    "limits": [
      {
        "counter": "auth_status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mcp — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP →

Instant setup, no code required.

All 51 Mcp tools

EXECUTE 17 tools
Execute browser_assert_layout Run numeric layout assertions against getBoundingClientRect() for a target element. Execute browser_auth_from_api_login Authenticate frontend state by API login and persist tokens into localStorage for the current browser origin. Execute browser_click Click an element in the current browser session. Execute browser_fill Fill an input, textarea, or contenteditable-compatible field. Execute browser_inspect_page High-level frontend inspection workflow: open session, optionally auth, navigate, inspect, capture artifacts, Execute browser_navigate Navigate the current browser page to an absolute or baseUrl-relative URL. Execute browser_open_account_home Open the authenticated account home page in a new browser session and keep the session alive for follow-up act Execute browser_open_profile_page Open the authenticated profile page in a new browser session and keep the session alive for follow-up actions. Execute browser_open_security_page Open the authenticated security page in a new browser session and keep the session alive for follow-up actions Execute browser_open_session Create a stateful browser session backed by Playwright Chromium. Execute browser_press Press a keyboard key on the page or a focused selector. Execute browser_wait_for Wait for a selector, load state, or URL condition inside an existing browser session. Execute call_api_by_swagger Call a Swagger operation by operationId. Auth header is injected automatically from MCP session. Execute call_api_raw Make a raw HTTP request with full control over method, URL construction, headers, query params, body mode, and Execute monitoring_latency_report Build nginx latency report from remote access logs (same rt= metric as Grafana Outvento Response Time). Use wh Execute vitour_ensure_server Ensure the local Vitour static HTTP server is running (python3 -m http.server) and return baseUrl. Execute vitour_open_page Start Vitour static server, open a Playwright session on a Vitour page, and keep the session open for follow-u
READ 26 tools
Read auth_status Return whether MCP currently has a stored token and fallback credentials. Read browser_capture_profile_mobile Open the profile page in a mobile browser profile, capture screenshots/styles/diagnostics, and close the sessi Read browser_evaluate Evaluate a JavaScript expression in the page context and return a serializable result. Read browser_get_attribute Return an attribute value for a target element without failing when the attribute is absent. Read browser_get_bounding_rect Return getBoundingClientRect() for a target element. Read browser_get_computed_styles Return computed styles for an element and optionally its parent chain. Read browser_get_console_logs Return accumulated browser console logs for a session. Read browser_get_network_errors Return failed or HTTP 4xx/5xx network requests captured for a browser session. Read browser_get_text Return text content for a visible element. Read browser_load_storage_state Load a Playwright storage state artifact JSON into the current browser session. Read browser_scan_i18n_leaks Scan visible page text and document.title for untranslated i18n keys (e.g. page_profile.public_profile.fallbac Read browser_screenshot Capture a full-page or element screenshot and return the artifact path. Read find_endpoint_by_keyword Find Swagger paths containing a keyword. Read get_endpoint Get operation details by path and HTTP method. Read get_schema Get schema definition by name from Swagger components. Read health Check DB, Swagger, and browser automation availability and return service health. Read inspect_swagger_endpoint Inspect a Swagger endpoint by operationId or path+method, including request/response schemas and optionally re Read list_api_endpoints List all Swagger path entries. Read list_tables List public schema table names. Read qa_get_verification_code Return the latest email verification code for a registered user (read-only SQL helper for QA flows). Read qa_list_recent_users List recently created users matching an email prefix (read-only SQL helper for QA cleanup/review). Read run_sql Run a read-only SQL query and return rows. Read tool_status Return MCP tool registration status and environment diagnostics. Read vitour_inspect_page Inspect a Vitour page in the browser: screenshot, optional target styles, console/network diagnostics; session Read vitour_list_pages List top-level Vitour HTML pages with design-reference hints for Outvento frontend work. Read vitour_read_snippet Read an HTML/CSS snippet from a Vitour page file on disk (read-only, no browser required).

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Mcp

Can an AI agent delete data through the MCP server? +

Yes. The Mcp server exposes 1 destructive tools including auth_logout. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mcp? +

The Mcp server has 7 write tools including auth_login, browser_close_session, browser_save_storage_state. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mcp.

How many tools does the MCP server expose? +

51 tools across 4 categories: Destructive, Execute, Read, Write. 26 are read-only. 25 can modify, create, or delete data.

How do I enforce a policy on Mcp? +

Register the MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mcp tool call.

Deterministic rules across all 51 Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

51 Mcp tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.