// SCAN REPORT

SiYuan MCP Server

52 tools. 34 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

34 can modify or destroy data

18 read-only

52 tools total

Community server · catalogue entry verified 11/06/2026

How to control SiYuan MCP Server ↓

TOOL MAP

Read (18) Write / Execute (29) Destructive / Financial (5)

MOST DANGEROUS TOOLS

Critical Risk

Destructive · High delete_block This tool deletes blocks (atomic units of content) from a notebook, which is an irreversible operation that destroys data. Destructive · High remove_doc The tool removes/deletes a document, which cannot be undone. Destructive · High remove_doc_by_id This tool permanently deletes documents by their ID without reversibility. Destructive · High remove_file The tool performs an irreversible deletion operation on files.

34 of SiYuan MCP Server's 52 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL SIYUAN MCP SERVER

PolicyLayer is an MCP gateway — it sits between your AI agents and SiYuan MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "delete_block": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "transfer_block_ref": {
    "limits": [
      {
        "counter": "transfer_block_ref_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "check_siyuan_status": {
    "limits": [
      {
        "counter": "check_siyuan_status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register SiYuan MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON SIYUAN →

Free to start. No card required.

ALL 52 SIYUAN MCP SERVER TOOLS

DESTRUCTIVE 5 tools

Destructive delete_block 删除块 Destructive remove_doc 删除文档 Destructive remove_doc_by_id 根据ID删除文档 Destructive remove_file 删除文件 Destructive remove_notebook 删除笔记本

EXECUTE 4 tools

Execute sql_query 执行 SQL 查询 Execute pandoc_convert Pandoc 转换 Execute render_sprig 渲染 Sprig Execute render_template 渲染模板

WRITE 25 tools

Write transfer_block_ref 转移块引用 Write append_block 插入后置子块 Write close_notebook 关闭指定笔记本 Write create_doc 在指定笔记本中新建文档 Write create_notebook 创建新笔记本 Write flush_transaction 提交事务 Write fold_block 折叠块 Write insert_block 插入块 Write move_block 移动块 Write move_docs 移动文档 Write move_docs_by_id 根据ID移动文档 Write open_notebook 打开指定笔记本 Write prepend_block 插入前置子块 Write push_err_msg 推送错误消息 Write push_msg 推送消息 Write put_file 写入文件 Write rename_doc 重命名文档 Write rename_doc_by_id 根据ID重命名文档 Write rename_file 重命名文件 Write rename_notebook 重命名笔记本 Write set_block_attrs 设置块属性 Write set_notebook_conf 保存笔记本配置 Write unfold_block 展开块 Write update_block 更新块 Write upload_asset 上传资源文件

READ 18 tools

Read check_siyuan_status 检查思源笔记状态和 API 可用性 Read get_block_attrs 获取块属性 Read get_block_kramdown 获取块 kramdown 源码 Read get_boot_progress 获取启动进度 Read get_child_blocks 获取子块 Read get_current_time 获取系统当前时间 Read get_file 获取文件 Read get_hpath_by_id 根据 ID 获取人类可读路径 Read get_hpath_by_path 根据路径获取人类可读路径 Read get_ids_by_hpath 根据人类可读路径获取 IDs Read get_notebook_conf 获取笔记本配置 Read get_path_by_id 根据 ID 获取存储路径 Read get_version 获取思源笔记版本 Read get_workspace_info 获取工作空间和连接信息 Read list_notebooks 列出所有笔记本 Read read_dir 列出文件 Read export_md_content 导出 Markdown 文本 Read export_resources 导出文件与目录

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Can an AI agent delete data through the SiYuan MCP Server MCP server? +

Yes. The SiYuan MCP Server server exposes 5 destructive tools including delete_block, remove_doc, remove_doc_by_id. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through SiYuan MCP Server? +

The SiYuan MCP Server server has 25 write tools including transfer_block_ref, append_block, close_notebook. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach SiYuan MCP Server.

How many tools does the SiYuan MCP Server MCP server expose? +

52 tools across 4 categories: Destructive, Financial, Read, Write. 18 are read-only. 34 can modify, create, or delete data.

How do I enforce a policy on SiYuan MCP Server? +

Register the SiYuan MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every SiYuan MCP Server tool call.

Deterministic rules across all 52 SiYuan MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON SIYUAN →

Free to start. No card required.

52 SiYuan MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

SiYuan MCP Server

// TOOL MAP

// MOST DANGEROUS TOOLS

// HOW TO CONTROL SIYUAN MCP SERVER

// ALL 52 SIYUAN MCP SERVER TOOLS

// RELATED SERVERS

// FAQ