Immich

43 tools. 21 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

21 can modify or destroy data
22 read-only
43 tools total

Community server · catalogue entry verified 30/06/2026

How to control Immich ↓

What Immich exposes to your agents

Read (22) Write / Execute (15) Destructive / Financial (6)
Critical Risk

The most dangerous Immich tools

21 of Immich's 43 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Immich

PolicyLayer is an MCP gateway — it sits between your AI agents and Immich, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "immich_activities_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "immich_activities_create": {
    "limits": [
      {
        "counter": "immich_activities_create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "immich_activities_list": {
    "limits": [
      {
        "counter": "immich_activities_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Immich — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON IMMICH →

Instant setup, no code required.

All 43 Immich tools

READ 22 tools
Read immich_activities_list List comments and likes for an album, optionally filtered by asset. Read immich_activities_statistics Get comment count for an album or specific asset within an album. Read immich_albums_get Get full details of an album including its assets. Read immich_albums_list List all albums. Optionally filter by shared status. Read immich_assets_get Get full metadata for a single asset by its ID. Read immich_assets_list List assets with optional filters. Returns paginated results. Read immich_assets_statistics Get asset counts broken down by type (images, videos, total). Read immich_assets_view immich_assets_view Read immich_capabilities Discover Immich server features and supported API capabilities. Read immich_duplicates_list immich_duplicates_list Read immich_people_get Get details for a specific person by ID. Read immich_people_list List all recognized people from face recognition. Supports pagination. Read immich_people_statistics Get asset count statistics for a specific person. Read immich_ping Verify connectivity and authentication with the Immich server. Returns server version and status. Read immich_search_explore Get discovery data: popular places, recognized people, and notable things in your library. Read immich_search_metadata Search assets using metadata filters: date range, type, location, camera model, person, filename. Read immich_search_smart Semantic search using CLIP/ML. Describe what you Read immich_shared_links_get Get details of a specific shared link by ID. Read immich_shared_links_list List all shared links. Read immich_tags_get Get details of a specific tag by ID. Read immich_tags_list List all tags in the library. Read immich_user_me Get the profile of the currently authenticated user (name, email, quota, role).

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Immich

Can an AI agent delete data through the Immich MCP server? +

Yes. The Immich server exposes 6 destructive tools including immich_activities_delete, immich_albums_delete, immich_assets_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Immich? +

The Immich server has 15 write tools including immich_activities_create, immich_albums_add_assets, immich_albums_create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Immich.

How many tools does the Immich MCP server expose? +

43 tools across 3 categories: Destructive, Read, Write. 22 are read-only. 21 can modify, create, or delete data.

How do I enforce a policy on Immich? +

Register the Immich MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Immich tool call.

Deterministic rules across all 43 Immich tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

43 Immich tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.