Mastodon

54 tools. 24 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

24 can modify or destroy data
30 read-only
54 tools total

Community server · catalogue entry verified 30/06/2026

How to control Mastodon ↓

What Mastodon exposes to your agents

Read (30) Write / Execute (20) Destructive / Financial (4)
Critical Risk

The most dangerous Mastodon tools

24 of Mastodon's 54 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mastodon

PolicyLayer is an MCP gateway — it sits between your AI agents and Mastodon, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "list_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "account_block": {
    "limits": [
      {
        "counter": "account_block_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "account_followers": {
    "limits": [
      {
        "counter": "account_followers_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mastodon — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MASTODON →

Instant setup, no code required.

All 54 Mastodon tools

READ 30 tools
Read account_followers Get followers of an account. Read account_following Get accounts that a given account follows. Read account_get Get a Mastodon account by its numeric ID. Read account_relationships Get the authenticated user's relationship to one or more accounts. Read account_search account_search Read account_statuses account_statuses Read account_verify Get the authenticated account's own profile. Read blocks Get accounts blocked by the authenticated account. Read bookmarks Get statuses bookmarked by the authenticated account. Read directory directory Read favourites Get statuses favourited by the authenticated account. Read follow_requests Get pending follow requests for the authenticated account. Read instance_info Get information about the connected Mastodon instance. Read list_accounts Get accounts in a specific list. Read list_accounts_delete Remove accounts from a list. Read lists_get Get all lists created by the authenticated account. Read mutes Get accounts muted by the authenticated account. Read notifications_get notifications_get Read search search Read status_context Get ancestors and descendants of a status (thread context). Read status_favourited_by Get accounts that favourited a status. Read status_get Get a single status by ID. Read status_reblogged_by Get accounts that reblogged a status. Read timeline_hashtag timeline_hashtag Read timeline_home Get the authenticated user's home timeline. Read timeline_local Get the local (instance) public timeline. Read timeline_public Get the federated public timeline. Read trending_links Get trending links (articles) on the instance. Read trending_statuses Get trending statuses on the instance. Read trending_tags Get trending hashtags on the instance.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Mastodon

Can an AI agent delete data through the Mastodon MCP server? +

Yes. The Mastodon server exposes 4 destructive tools including list_delete, notification_dismiss, notifications_clear. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Mastodon? +

The Mastodon server has 20 write tools including account_block, account_follow, account_mute. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mastodon.

How many tools does the Mastodon MCP server expose? +

54 tools across 3 categories: Destructive, Read, Write. 30 are read-only. 24 can modify, create, or delete data.

How do I enforce a policy on Mastodon? +

Register the Mastodon MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mastodon tool call.

Deterministic rules across all 54 Mastodon tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

54 Mastodon tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.