// SCAN REPORT

Fleet

39 tools. 19 can modify or destroy data without limits.

19 write tools that can modify data. Rate limits recommended.

Last updated:

19 can modify or destroy data
20 read-only
39 tools total

Community server · catalogue entry verified 11/06/2026

How to control Fleet ↓

TOOL MAP

What Fleet exposes to your agents

Read (20) Write / Execute (19) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Fleet tools

Execute · High fleet_audit_run This tool executes a compliance audit workflow on mobile app projects. Execute · High fleet_deploy This tool executes code/commands (Docker build, systemd restart) and triggers external operations in a production environment. Execute · Critical fleet_secrets_unseal This tool executes a decryption and unsealing operation that modifies the runtime state (/run/fleet-secrets/) and can overwrite unsaved changes, making it an Execute-category action. Execute · High fleet_git_push Pushing to a remote Git repository is an external operation with significant side effects: it modifies the remote repository state, can trigger CI/CD pipelines, and in a production deployment context (as described for th

19 of Fleet's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Fleet

PolicyLayer is an MCP gateway — it sits between your AI agents and Fleet, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "fleet_deps_fix": {
    "limits": [
      {
        "counter": "fleet_deps_fix_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "fleet_secrets_drift": {
    "limits": [
      {
        "counter": "fleet_secrets_drift_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Fleet — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON FLEET →

Free to start. No card required.

FULL CATALOGUE

All 39 Fleet tools

EXECUTE 5 tools
Execute fleet_audit_run Run an App Store compliance audit on a mobile app project via greenlight preflight. Execute fleet_deploy Deploy an app: build and restart Execute fleet_secrets_unseal Decrypt vault to /run/fleet-secrets/. WARNING: This overwrites any runtime changes that were not sealed back t Execute fleet_deps_scan Run a fresh dependency scan across all registered apps Execute fleet_git_push Push current branch to origin
WRITE 14 tools
Write fleet_deps_fix Create a PR with dependency updates for an app (dry-run by default) Write fleet_audit_ignore Suppress a confirmed greenlight false positive from future audits. The finding is Write fleet_secrets_seal Seal runtime secrets back to the encrypted vault. Write fleet_deps_config Get or set dependency monitoring configuration Write fleet_deps_ignore Add an ignore rule for a dependency finding Write fleet_git_branch Create a feature branch from develop (or other base) and push it Write fleet_git_commit Stage tracked file changes and commit Write fleet_git_onboard Onboard an app to GitHub: create repo, push code, protect branches Write fleet_git_pr_create Create a pull request on GitHub Write fleet_git_release Create a release PR from develop to main Write fleet_nginx_add Create an nginx config for a domain Write fleet_register Register a new app in the fleet registry Write fleet_secrets_restore Restore vault from backup (.bak file). Write fleet_secrets_set Set a single secret key/value for an app.
READ 20 tools
Read fleet_secrets_drift Detect drift between vault (encrypted, survives reboot) and runtime (/run/fleet-secrets/, lost on reboot). Read fleet_audit_guidelines Look up Apple App Store Review Guidelines via greenlight. action Read fleet_audit_status Show the most recent App Store audit results from cache without re-running a scan. Read fleet_deps_app Dependency findings for a specific app Read fleet_deps_status Dependency health summary from cache — outdated packages, CVEs, EOL warnings, Docker image updates Read fleet_egress_snapshot Snapshot the current outbound TCP flows for an app and report which destinations are NOT in the configured all Read fleet_git_pr_list List pull requests for an app Read fleet_git_status Git state for one or all apps: branch, clean/dirty, onboard status Read fleet_logs DEPRECATED — prefer fleet_logs_recent (token-conservative defaults) or fleet_logs_summary. Get recent containe Read fleet_logs_recent Get recent log lines for an app, filtered to a level and bounded in size. Defaults are SMALL (50 lines, last 1 Read fleet_logs_search Bounded grep across recent container logs. Returns matching lines with 0 lines of context, capped at max_resul Read fleet_logs_status Per-container log driver, current size, and policy applied. Use to check which apps need fleet logs setup. Read fleet_logs_summary Cheap aggregate: counts of log lines by level + the top 10 distinct error/warning messages over a window. Use Read fleet_nginx_list List all nginx site configs Read fleet_secrets_get Get a single decrypted secret value from the vault. Read fleet_secrets_list List managed secrets for an app (masked values). Shows vault contents — use fleet_secrets_drift to check if ru Read fleet_secrets_status Show vault initialisation state, sealed/unsealed, counts. The vault is the encrypted source of truth that surv Read fleet_secrets_validate Validate compose secrets match vault. Returns missing/extra secrets per app. This checks that docker-compose s Read fleet_testflight_builds List an app Read fleet_testflight_doctor Check TestFlight publishing readiness for an app: GitHub CLI availability, the
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Fleet

How do I prevent bulk modifications through Fleet? +

The Fleet server has 14 write tools including fleet_deps_fix, fleet_audit_ignore, fleet_secrets_seal. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Fleet.

How many tools does the Fleet MCP server expose? +

39 tools across 3 categories: Execute, Read, Write. 20 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Fleet? +

Register the Fleet MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Fleet tool call.

Deterministic rules across all 39 Fleet tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON FLEET →

Free to start. No card required.

39 Fleet tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.