Woocommerce

55 tools. 23 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

23 can modify or destroy data
32 read-only
55 tools total

Community server · catalogue entry verified 30/06/2026

How to control Woocommerce ↓

What Woocommerce exposes to your agents

Read (32) Write / Execute (19) Destructive / Financial (4)
Critical Risk

The most dangerous Woocommerce tools

23 of Woocommerce's 55 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Woocommerce

PolicyLayer is an MCP gateway — it sits between your AI agents and Woocommerce, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "woo_orders_refunds_create": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations
{
  "woo_coupons_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "woo_coupons_create": {
    "limits": [
      {
        "counter": "woo_coupons_create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "woo_coupons_get": {
    "limits": [
      {
        "counter": "woo_coupons_get_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Woocommerce — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON WOOCOMMERCE →

Instant setup, no code required.

All 55 Woocommerce tools

READ 32 tools
Read woo_coupons_get Get a specific coupon by ID Read woo_coupons_list List coupons with optional filters. IMPORTANT: Use perPage parameter to control how many results to return (de Read woo_customers_get Get a specific customer by ID Read woo_customers_list List customers with optional filters. IMPORTANT: Use perPage parameter to control how many results to return ( Read woo_orders_get Get a specific order by ID Read woo_orders_list List orders with optional filters. IMPORTANT: Use perPage parameter to control how many results to return (def Read woo_payment_gateways_get Get a payment gateway Read woo_payment_gateways_list List payment gateways Read woo_products_categories_list List product categories. Use perPage and page parameters for pagination (default: 10 items per page). Read woo_products_get Get a specific product by ID Read woo_products_list List products with optional filters. IMPORTANT: Use perPage parameter to control how many results to return (d Read woo_products_reviews_list List product reviews. Use perPage and page parameters for pagination (default: 10 items per page). Read woo_products_tags_list List product tags. Use perPage and page parameters for pagination (default: 10 items per page). Read woo_products_variations_list List product variations. Use perPage and page parameters for pagination (default: 10 items per page). Read woo_reports_customers Get customers report Read woo_reports_low_stock Get low stock report. Use perPage and page parameters to control pagination. Read woo_reports_orders Get orders report Read woo_reports_products Get products report. Use perPage and page parameters to control pagination. Read woo_reports_sales Get sales report Read woo_reports_stock Get stock report. Use perPage and page parameters to control pagination. Read woo_reports_top_sellers Get top sellers report. Use perPage and page parameters to control pagination. Read woo_settings_get Get settings for a group Read woo_settings_list List settings groups Read woo_shipping_zone_methods_list List methods for a shipping zone Read woo_shipping_zones_get Get a shipping zone Read woo_shipping_zones_list List shipping zones Read woo_system_status Get system status information Read woo_system_tools_list List system tools Read woo_tax_classes_list List tax classes Read woo_tax_rates_get Get a tax rate Read woo_tax_rates_list List tax rates. Use perPage and page parameters to control pagination. Read woo_webhooks_list List webhooks. Use perPage and page parameters to control pagination.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Woocommerce

Can an AI agent move money through the Woocommerce MCP server? +

Yes. The Woocommerce server exposes 1 financial tools including woo_orders_refunds_create. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Woocommerce MCP server? +

Yes. The Woocommerce server exposes 3 destructive tools including woo_coupons_delete, woo_orders_delete, woo_products_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Woocommerce? +

The Woocommerce server has 18 write tools including woo_coupons_create, woo_coupons_update, woo_customers_create. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Woocommerce.

How many tools does the Woocommerce MCP server expose? +

55 tools across 4 categories: Destructive, Execute, Read, Write. 32 are read-only. 23 can modify, create, or delete data.

How do I enforce a policy on Woocommerce? +

Register the Woocommerce MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Woocommerce tool call.

Deterministic rules across all 55 Woocommerce tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

55 Woocommerce tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.