// SCAN REPORT

Proxy

89 tools. 52 can modify or destroy data without limits.

11 destructive tools with no built-in limits. Policy required.

Last updated:

52 can modify or destroy data
37 read-only
89 tools total

Community server · catalogue entry verified 12/06/2026

How to control Proxy ↓

TOOL MAP

What Proxy exposes to your agents

Read (37) Write / Execute (41) Destructive / Financial (11)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Proxy tools

Destructive · Medium proxy_clear_traffic Clearing captured traffic data cannot be undone; once deleted from the buffer, the intercepted network traffic is lost. Destructive · Medium interceptor_docker_detach This tool irreversibly removes proxy configuration and cleans up (deletes) injected files from a Docker container. Destructive · High proxy_delete_session Deleting a recorded session from disk is a destructive action that cannot be undone. Destructive · Medium proxy_remove_host_upstream This tool irreversibly removes a configuration entry (per-host upstream proxy override).

52 of Proxy's 89 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Proxy

PolicyLayer is an MCP gateway — it sits between your AI agents and Proxy, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "interceptor_docker_detach": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "interceptor_android_deactivate": {
    "limits": [
      {
        "counter": "interceptor_android_deactivate_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "interceptor_android_devices": {
    "limits": [
      {
        "counter": "interceptor_android_devices_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Proxy — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON PROXY →

Free to start. No card required.

FULL CATALOGUE

All 89 Proxy tools

DESTRUCTIVE 11 tools
Destructive interceptor_docker_detach Remove proxy configuration from a Docker container and clean up injected files. Destructive proxy_clear_traffic Clear all captured traffic from the buffer. Destructive proxy_delete_session Delete a recorded session from disk. Destructive proxy_remove_host_upstream Remove a per-host upstream proxy override. Destructive proxy_remove_rule Delete an interception rule. Destructive proxy_session_stop Stop persistent on-disk capture and finalize the active session. Destructive interceptor_deactivate_all Kill ALL active interceptors across all types. Emergency cleanup — stops all browser instances, kills spawned Destructive interceptor_kill Kill a spawned process by target ID. Also retrieves final stdout/stderr output. Destructive proxy_mobile_teardown Reverse proxy_mobile_setup: deactivate the Android target if any, stop the transparent + explicit listeners, a Destructive interceptor_browser_close Close a browser instance launched by interceptor_browser_launch (or interceptor_camoufox_launch). Destructive interceptor_camoufox_close Close a camoufox instance launched by interceptor_camoufox_launch. Kills the Python launcher, removes the temp
EXECUTE 30 tools
Execute interceptor_browser_evaluate Execute a JS file in the page and return its result. Execute interceptor_browser_launch Launch cloakbrowser (stealth Chromium) with proxy flags and SPKI certificate trust. Built-in source-level fing Execute interceptor_browser_navigate Navigate the browser target Execute interceptor_camoufox_launch Launch camoufox (anti-detect Firefox) as a Playwright WebSocket server, proxied through proxy-mcp with NSS CA Execute proxy_session_start Start persistent on-disk capture for the current proxy run. Execute proxy_start Start the HTTPS MITM proxy. Auto-generates a CA certificate. Returns port, URL, cert fingerprint, and setup in Execute proxy_start_transparent Start the transparent proxy listener. Receives iptables-redirected traffic (no CONNECT tunnels). Shares the sa Execute proxy_stop Stop the MITM proxy. Traffic history and CA certificate are retained. Execute proxy_stop_transparent Stop the transparent proxy listener. Execute humanizer_idle Simulate idle behavior with mouse micro-jitter and occasional micro-scrolls. Execute interceptor_browser_inject_init_script Inject a JS file as an init script (Playwright Execute interceptor_frida_detach Detach Frida session from an Android app, removing injected scripts. Execute interceptor_spawn Spawn a command with proxy env vars pre-configured (HTTP_PROXY, HTTPS_PROXY, SSL_CERT_FILE, NODE_EXTRA_CA_CERT Execute proxy_replay_session Replay selected requests from a recorded/imported session. Default mode is dry_run for safety. Execute proxy_rewrite_url Rewrite request URLs matching a pattern. Creates a passthrough rule with body match-replace on the URL. Execute humanizer_click Click an element. Pass one of: selector (CSS/XPath), role + optional name, Execute humanizer_move Move mouse to target coordinates via the backend Playwright page. Execute humanizer_scroll Dispatch a wheel event. Raw page.mouse.wheel — single event, not multi-step. Execute humanizer_type Type text into the focused element via page.keyboard.type. Execute interceptor_android_activate Full Android interception: inject CA cert into system store (root required), set up ADB reverse tunnel, and op Execute interceptor_android_setup Quick setup: push CA cert + ADB reverse tunnel only (no Wi-Fi proxy). Equivalent to interceptor_android_activa Execute interceptor_browser_add_script_tag Append a <script> element to the current page (Playwright Execute interceptor_docker_attach Inject proxy env vars and CA certificate into a Docker container. Two modes: Execute interceptor_frida_attach Attach to an Android app via Frida and inject SSL unpinning + proxy redirect scripts. Bypasses certificate pin Execute proxy_add_rule Add an interception rule with a matcher and handler. Rules are evaluated by priority (ascending), first match Execute proxy_enable_server_tls_capture Toggle server-side JA3S capture. When enabled, outgoing TLS connections are intercepted to extract the server Execute proxy_inject_headers Add or overwrite headers on matching traffic. Creates a passthrough rule with header transforms. Execute proxy_mobile_setup One-command mobile capture: start explicit + transparent listeners, optionally inject the CA on an Android dev Execute proxy_set_fingerprint_spoof Enable outgoing TLS + HTTP/2 fingerprint spoofing via impit (native TLS impersonation, no Docker required). Su Execute proxy_set_ja3_spoof Legacy: enable fingerprint spoofing (deprecated, use proxy_set_fingerprint_spoof with a preset). The ja3 param
WRITE 11 tools
Write interceptor_android_deactivate Remove ADB reverse tunnel and clear Wi-Fi proxy on an Android device. Write proxy_clear_ja3_spoof Disable fingerprint spoofing. Write proxy_clear_upstream Remove the global upstream proxy. Traffic will go directly to target servers. Write proxy_mock_response Return a mock response for matched requests. Creates a mock rule. Write proxy_session_recover Rebuild session indexes from records after crash/corruption. Write proxy_disable_rule Disable an interception rule without removing it. Write proxy_enable_rule Enable a disabled interception rule. Write proxy_import_har Import a HAR file from disk into a new persisted session for querying, findings, and replay. Write proxy_set_host_upstream Set a per-host upstream proxy override. Traffic to this hostname will use the specified proxy instead of the g Write proxy_set_upstream Set a global upstream proxy for all outgoing traffic. Supports socks4://, socks5://, http://, https://, and pa Write proxy_update_rule Modify an existing interception rule.
READ 37 tools
Read interceptor_android_devices List connected Android devices via ADB with model, version, root status, and whether they Read interceptor_browser_get_cookie Get one cookie by cookie_id with full value (subject to a hard cap to keep output bounded). Read interceptor_browser_get_network_field Get one full header field value from proxy-captured traffic by field_id. Read interceptor_browser_get_storage_value Get one localStorage/sessionStorage value by item_id. Read interceptor_browser_list_console List console messages buffered since the browser was launched. Types: log, info, warning, error, debug, etc. Read interceptor_browser_list_cookies List cookies from the browser context with pagination and truncated value previews. Read interceptor_browser_list_network_fields List request/response header fields from proxy-captured traffic since the browser was launched, with paginatio Read interceptor_browser_list_storage_keys List localStorage/sessionStorage keys for the current origin with pagination and truncated value previews. Read interceptor_browser_screenshot Take a screenshot of the bound page. Saves to file_path if provided; otherwise reports byte count without embe Read interceptor_browser_snapshot Take an ARIA accessibility snapshot of the bound page (YAML-formatted role tree). Read interceptor_camoufox_info Get the wsUrl and ready-to-paste Playwright connect snippets (TS + Python) for a camoufox target. Read interceptor_camoufox_list List all active camoufox instances with their wsUrl and fingerprint details. Read interceptor_frida_apps List running apps on an Android device via Frida. Requires frida-server running on the device. Read interceptor_list List all interceptors with their availability and active targets. Shows Browser, Terminal, Android ADB, Androi Read interceptor_status Get detailed status of a specific interceptor, including all active targets and their details. Read proxy_check_fingerprint_runtime Check fingerprint spoofing backend readiness without sending traffic. Read proxy_get_ca_cert Get the CA certificate PEM and SPKI fingerprint for installing on the target device. Read proxy_get_exchange Get full details of a captured HTTP exchange including headers and body previews. Read proxy_get_session Get manifest/details for a specific recorded session. Read proxy_get_session_exchange Get one exchange from a recorded session by seq or exchange ID. Read proxy_get_session_handshakes Summarize TLS handshake/fingerprint availability (JA3/JA4/JA3S) for session exchanges. Read proxy_get_tls_config Get current TLS capture and spoofing configuration. Read proxy_get_tls_fingerprints Get JA3/JA4 client fingerprints and JA3S server fingerprint for a specific captured exchange. Read proxy_list_fingerprint_presets List available browser fingerprint presets for use with proxy_set_fingerprint_spoof. Read proxy_list_rules List all interception rules sorted by priority. Read proxy_list_sessions List recorded sessions in storage. Read proxy_list_tls_fingerprints List unique client JA3/JA4 fingerprints across captured traffic with occurrence counts. Read proxy_list_traffic List captured HTTP exchanges with optional filters. Returns paginated results. Read proxy_mobile_detect_iface Auto-detect the USB-NCM interface the proxy-ap-card presents as (via the cdc_ncm driver). Returns null + iface Read proxy_query_session Query indexed session exchanges by metadata (URL, hostname, method, status) with filters and pagination. Does Read proxy_search_session_bodies Search inside HTTP request/response bodies stored in a persistent session. Read proxy_search_traffic Full-text search across URLs, headers, and body previews of captured traffic. Read proxy_session_status Get current persistent capture runtime status. Read proxy_status Get proxy running state, port, upstream config, rule count, and traffic count. Read proxy_test_rule_match Test which interception rules would match a request, with detailed per-field pass/fail diagnostics and effecti Read proxy_transparent_status Get status of the transparent proxy listener including port and traffic count. Read proxy_export_har Export a recorded session (or filtered subset) to HAR format.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Proxy

Can an AI agent delete data through the Proxy MCP server? +

Yes. The Proxy server exposes 11 destructive tools including interceptor_docker_detach, proxy_clear_traffic, proxy_delete_session. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Proxy? +

The Proxy server has 11 write tools including interceptor_android_deactivate, proxy_clear_ja3_spoof, proxy_clear_upstream. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Proxy.

How many tools does the Proxy MCP server expose? +

89 tools across 4 categories: Destructive, Execute, Read, Write. 37 are read-only. 52 can modify, create, or delete data.

How do I enforce a policy on Proxy? +

Register the Proxy MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Proxy tool call.

Deterministic rules across all 89 Proxy tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON PROXY →

Free to start. No card required.

89 Proxy tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.