LocalAnt

216 tools. 117 can modify or destroy data without limits.

10 destructive tools with no built-in limits. Policy required.

Last updated:

117 can modify or destroy data
99 read-only
216 tools total

Community server · catalogue entry verified 02/07/2026

How to control LocalAnt ↓

What LocalAnt exposes to your agents

Read (99) Write / Execute (106) Destructive / Financial (10)
Critical Risk

The most dangerous LocalAnt tools

117 of LocalAnt's 216 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control LocalAnt

PolicyLayer is an MCP gateway — it sits between your AI agents and LocalAnt, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "adb_clear_logcat": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "adb_pull": {
    "limits": [
      {
        "counter": "adb_pull_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "adb_current_package": {
    "limits": [
      {
        "counter": "adb_current_package_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register LocalAnt — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON LOCALANT →

Instant setup, no code required.

All 216 LocalAnt tools

EXECUTE 60 tools
Execute adb_input_text Type text on the device (audited). Execute adb_install_apk Install an APK (path must be inside an allowed directory). Requires approval (risk 3). Execute adb_keyevent Send a key event (e.g. 4 = BACK). Execute adb_shell Run an adb shell command. Dangerous commands (rm -rf, reboot, wipe, …) are rejected. Risk 3. Execute adb_start_app Start an app by package/activity. Execute adb_stop_app Force-stop an app by package. Execute adb_swipe Swipe between coordinates. Execute adb_tap Tap at x,y. Execute agent_run ${DEPRECATED} Delegate to a local coding agent. mode=plan returns a plan; mode=execute starts an execution tas Execute approval_approve Approve a pending request. scope Execute autopilot Delegate a natural-language local task to LocalAnt Execute bash Run a shell command (bash -c) inside an allowed directory. Pipelines and && chaining work. Blocked commands (s Execute browser_click Click an element by selector. Execute browser_close Close the browser. Execute browser_evaluate Evaluate JavaScript in the page context (risk 4). Execute browser_open Open a URL in an isolated browser and return the title. Execute browser_press Press a keyboard key (e.g. Enter, Tab). Execute browser_scroll Scroll the page by (x, y) pixels. Execute browser_select Select an option in a <select> by selector + value. Execute browser_type Type into an input by selector. Execute browser_wait_for Wait for a selector to appear. Execute coding_agent_continue_task ${DEPRECATED} Continue a task with additional instructions on the same branch. Execute coding_agent_run_validation ${DEPRECATED} Run a validate/test command in a working directory. Execute coding_agent_start_task ${DEPRECATED} Start an execution task with a coding agent. Execute coding_agent_stop_task ${DEPRECATED} Stop a running task. Execute computer_double_click Double-click at x,y (screenshot coordinates). Requires approval (risk 3). Execute computer_drag Drag from x1,y1 to x2,y2 (screenshot coordinates). Requires approval (risk 3). Execute computer_left_click Left-click at x,y (screenshot coordinates). Requires approval (risk 3). Execute computer_move_mouse Move the mouse cursor to x,y (screenshot coordinates) without clicking. Execute computer_open_app Open (or bring to front) an application by name, e.g. Execute computer_paste_text Put text on the clipboard and paste it with Cmd+V (faster and more reliable than computer_type Execute computer_right_click Right-click at x,y (screenshot coordinates). Requires approval (risk 3). Execute computer_scroll Scroll the focused element by sending Page Up/Down key presses (click the target area first Execute computer_type Type text at the current focus (newlines become Return presses). Requires approval (risk 3). Execute desktop_commander_run_tool ${DEPRECATED} Run a Desktop Commander tool through the MCP bridge. Execute git_checkout_branch Checkout an existing branch. Execute lsp_diagnostics Run TypeScript diagnostics (tsc --noEmit) for a project path. Falls back to install guidance if tsc is missing Execute mcp_server_run_tool Invoke a tool on a downstream MCP server through the gateway. Risk 3. Execute openclaw_node_command ${DEPRECATED} Run a command on an OpenClaw node. Execute openclaw_run_skill ${DEPRECATED} Run an OpenClaw skill. Execute openclaw_send_session ${DEPRECATED} Send a message to an OpenClaw session. Execute project_install_deps Install project dependencies using the detected package manager. Execute project_run_validation Run the project Execute restart_gateway Reload configuration into the running gateway. Execute shell_request_command_approval Request approval to run a command that is NOT on the allowlist. Returns an approval id; once approved, call sh Execute shell_run_allowed_command Run a command from the allowlist. Pipelines/redirection/chaining are rejected. Execute shell_run_approved_command Run an arbitrary command (still subject to the hard blocklist). Requires approval (risk 3). Execute shell_run_background Start a long-running command as a tracked background process. Returns a processId. Execute shell_stop Stop a tracked background process. Execute shell_stop_process Stop a tracked process. Execute skill_enable Enable a skill after reviewing its permissions. Validates first. Execute skill_publish_to_git Initialize/commit a skill directory ready to push to a git remote. Execute skill_run Run a tool exposed by an enabled skill in an isolated subprocess. Execute tunnel_restart Restart the public tunnel. Execute tunnel_start Start the public tunnel on the live gateway port. Execute tunnel_stop Stop the public tunnel. Execute video_studio_generate_audio Generate free local narration audio with VOICEVOX first, macOS say preview fallback, or FFmpeg silence fallbac Execute video_studio_generate_video Run assets, audio, captions, render, review, and publish_prepare in one local free pipeline. Execute video_studio_publish_video Dry-run or prepare a browser/manual publish action. Risk 4 for real publishing. Execute video_studio_render_video Render a local upload-ready MP4 with Remotion primary or FFmpeg static-slide fallback.
WRITE 46 tools
Write adb_pull Pull a file from the device into the workspace directory. Risk 3. Write adb_push Push a local file (inside an allowed directory) to the device. Risk 3. Write apply_patch Apply a unified diff / patch to a working directory using git apply (dry-run checked, paths validated, backups Write browser_save_pdf Save the current page as PDF into the workspace. Write browser_upload_file Prepare a Playwright file-upload action for a LocalAnt Video Studio output file. Write copy_file Copy a file within the allowlist (backup kept if destination exists). Write create_directory Create a directory (recursive) inside the allowlist. Write edit Replace a unique string in a file (oldString -> newString). Keeps a backup and returns a diff. Pass replaceAll Write fs_add_allowed_directory Add a directory to the filesystem allowlist. Write fs_apply_patch_with_backup Replace an existing file Write fs_backup_file Create a backup of a file. Write fs_create_file Create a file, optionally overwriting (a backup is kept on overwrite). Write fs_move_file Move/rename a file within the allowlist. Write fs_remove_allowed_directory Remove a directory from the filesystem allowlist. Write fs_restore_backup Restore a previously created backup by id. Write fs_write_draft_file Create a NEW draft file. Refuses to overwrite existing files. Write git_add Stage files (git add). Stages everything when no paths given. Write git_apply_patch Apply a unified diff to the repo (git apply, with a dry-run check first). Write git_commit Commit changes with a message (optionally git add -A first). Write git_create_branch Create and checkout a new branch. Write git_create_patch Create a patch of current changes. Write git_stash Stash working-tree changes (git stash push). Write lsp_rename_symbol Rename the symbol at a 1-indexed line/character across the project (TypeScript/JavaScript). Risk 2. Write mcp_import_all_agent_configs Import MCP servers from Claude Code, Codex, and OpenCode configs. Imported servers start disabled. Write mcp_import_claude_config Import MCP servers from Claude Code config (.mcp.json / ~/.claude.json). Imported servers start disabled. Write mcp_import_codex_config Import MCP servers from Codex config (~/.codex/config.toml / .codex/config.toml). Imported servers start disab Write mcp_import_opencode_config Import MCP servers from OpenCode config (opencode.json / opencode.jsonc). Imported servers start disabled. Write mcp_server_register Register a downstream MCP server (stdio or streamable-http) to bridge through the gateway. Write multi_edit Apply a sequence of string-replace edits to one file atomically (all validated before any write). Keeps a sing Write permission_set Update security permissions (mode / allowedDirectories / allowedCommands). Write risk_policy_set Set the risk policy (mode and/or whether risk-1 actions need approval). Write secret_set Store a secret by name. The value is encrypted and never returned by any tool. Write shell_add_allowed_command Add a command prefix to the allowlist. Write skill_create Create a skill skeleton (always saved DISABLED). Write skill_disable Disable a skill. Write skill_generate_from_prompt Generate a new skill skeleton from a natural-language spec. The skill is saved DISABLED with declared permissi Write skill_install_from_git Clone a skill from a git URL into the skills directory (saved DISABLED). Write skill_update_permissions Update a skill Write update_config Patch the configuration. Pass a partial config object to merge. Write video_studio_add_asset Import a local ChatGPT-generated image file into a Video Studio scene asset. Write video_studio_configure Configure Video Studio. Paid external video generation is not enabled by this tool. Write video_studio_create_project Create a Video Studio project manifest, script, storyboard, directories, and run log. Write video_studio_create_script Create a Shorts/Reels script without an LLM API. Write video_studio_generate_assets Generate free local scene PNG assets. Write video_studio_generate_captions Generate SRT, ASS, and word timing JSON captions. Write video_studio_publish_prepare Write platform metadata JSON files without network action.
READ 99 tools
Read adb_current_package Get the current foreground package name. Read adb_dump_ui Dump the current UI hierarchy (uiautomator). Read adb_get_current_activity Get the foreground activity. Read adb_list_devices List connected Android devices. Read adb_logcat Dump recent logcat output. Read adb_pull_screenshot Pull the captured screenshot into the workspace directory. Read adb_screen_size Get the device screen size. Read adb_screenshot Capture a screenshot to the device and report the path. Read approval_deny Deny a pending approval request. Read approval_get Get a single approval request by id. Read approval_list_pending List pending approval requests awaiting the user Read audit_export_logs Export all audit entries as a JSON array. Read audit_get_log Get a single audit entry by id. Read audit_list_logs List recent audit log entries (most recent first). Read audit_search_logs Search audit entries by tool name, input or error text. Read browser_console_logs Return console logs captured since the page opened. Read browser_extract_text Extract visible text from a selector (default body). Read browser_get_html Get the current page HTML. Read browser_get_url Get the current page URL. Read browser_screenshot Screenshot the current page into the workspace. Read browser_use_profile Opt in to using a login-capable browser profile (default: isolated profile). Risk 3. Read coding_agent_get_diff ${DEPRECATED} Get the git diff produced by a task. Read coding_agent_get_logs ${DEPRECATED} Get captured logs for a task. Read coding_agent_get_result ${DEPRECATED} Get a task result summary including current diff. Read coding_agent_get_task ${DEPRECATED} Get task metadata and status. Read coding_agent_list ${DEPRECATED} List configured coding agents and whether their CLI is available. Read coding_agent_plan ${DEPRECATED} Ask a coding agent to produce an implementation PLAN only. Read coding_agent_status ${DEPRECATED} Get status for one coding agent. Read command_exists Check whether a binary is resolvable on PATH. Read computer_cursor_position Get the current mouse cursor position. Read computer_list_apps List visible running applications and the frontmost app. Read computer_screen_info Get the logical resolution of the main display (the coordinate space for computer_ tools). Read computer_screenshot Capture a screenshot of the main display. Returns the image (resampled to logical resolution, Read desktop_commander_list_tools ${DEPRECATED} List Desktop Commander tools through the MCP bridge. Read desktop_commander_status ${DEPRECATED} Check whether Desktop Commander MCP server is configured. Read fs_get_file_info Get metadata for a file or directory. Read fs_list_allowed_directories List filesystem access policy. In Read fs_list_backups List available file backups. Read fs_list_files List files in a directory inside the allowlist. Read fs_read_file Read a text file inside the allowlist. If the file is an image (PNG, JPEG, GIF, WebP, SVG), it will be automat Read fs_read_file_range Read a line range from a file (1-indexed, inclusive). Read fs_read_image Read an image file (PNG, JPEG, GIF, WebP, SVG) inside the allowlist and return it as an image block. Read fs_search_content Search file contents for a substring under a directory. Read fs_search_files Find files by glob pattern under a directory. Read get_app_status Get gateway runtime status: ports, tunnel, uptime, platform. Read get_config Return the current configuration (secrets are never included). Read get_dashboard_url Return the local dashboard URL. Read get_mcp_endpoint Return the public MCP endpoint ChatGPT should connect to. Read get_tunnel_status Return the current tunnel provider and status. Read get_version Return the LocalAnt version. Read git_branch List branches. Read git_clean_preview Preview files that Read git_diff Show the working-tree diff. Read git_diff_file Show the diff for a single file. Read git_get_current_branch Get the current branch name. Read git_is_dirty Report whether the working tree has uncommitted changes. Read git_list_changed_files List changed files (porcelain). Read git_log Show recent commit log. Read git_status Show git status for a project or repo path. Read glob Find files matching a glob pattern (supports and ) under a directory. Skips node_modules/.git/dist/build/cove Read grep Recursively search file contents under a directory (regex or substring, case option, context lines, include/ex Read health_check Verify the local gateway is alive and reachable from ChatGPT. Read localant_autopilot_status ${DEPRECATED} Get one legacy task status. Read localant_doctor Read-only diagnostics for LocalAnt: connection/version, exposed tool count, allowed directories, tunnel/Tailsc Read localant_ui Open the LocalAnt ChatGPT UI home panel. Shows connection status, security mode, exposed tools, pending approv Read lsp_document_symbols List the symbols declared in a TypeScript/JavaScript file. Read lsp_find_references Find references to the symbol at a 1-indexed line/character (TypeScript/JavaScript). Read lsp_go_to_definition Find the definition of the symbol at a 1-indexed line/character (TypeScript/JavaScript). Read lsp_hover Get type/hover info for the symbol at a 1-indexed line/character (TypeScript/JavaScript). Read lsp_list_servers List known language servers and whether their binary is on PATH. Read lsp_status Report which language servers / toolchains are available. Read lsp_workspace_symbols Search workspace symbols (currently delegates to grep over the project). Read mcp_server_list List registered downstream MCP servers. Read mcp_server_list_tools List tools of a downstream MCP server (connects lazily). Read mcp_server_status Show status for a registered downstream MCP server. Read openclaw_get_session_history ${DEPRECATED} Get OpenClaw session history. Read openclaw_list_nodes ${DEPRECATED} List OpenClaw nodes. Read openclaw_list_sessions ${DEPRECATED} List OpenClaw sessions. Read openclaw_list_skills ${DEPRECATED} List OpenClaw skills. Read openclaw_status ${DEPRECATED} Check whether OpenClaw is installed and reachable. Read permission_get Get current security permissions (mode + allowed dirs/commands). Read project_get_package_scripts Read package.json scripts and detect the package manager for a directory. Read risk_policy_get Get the current risk policy (mode + whether risk-1 needs approval). Read secret_get_names List stored secret NAMES (never values). Read shell_get_output Get captured stdout/stderr/status for a tracked background process. Read shell_get_process_output Get captured output of a tracked process. Read shell_list_allowed_commands List the command prefixes that may be run without approval. Read shell_list_processes List tracked long-running processes. Read skill_info Get full details for a skill including manifest and validation. Read skill_list List installed skills with enabled state, risk level and permissions. Read skill_permissions Show the permission manifest for a skill. Read skill_search_registry Search configured skill registries (registry.json files) for skills. Read skill_validate Validate a skill Read video_studio_connect_account Return account connection guidance without bypassing login, CAPTCHA, or 2FA. Read video_studio_list_projects List Video Studio projects. Read video_studio_open_setup Return setup URL/instructions for Video Studio providers. Read video_studio_review_video Review rendered video with ffprobe where available. Read video_studio_status Return Video Studio status, local renderer readiness, and secret presence without secret values. Read video_studio_test_publisher Check publisher readiness without uploading.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about LocalAnt

Can an AI agent delete data through the LocalAnt MCP server? +

Yes. The LocalAnt server exposes 10 destructive tools including adb_clear_logcat, adb_uninstall, fs_delete_file_with_approval. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through LocalAnt? +

The LocalAnt server has 46 write tools including adb_pull, adb_push, apply_patch. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach LocalAnt.

How many tools does the LocalAnt MCP server expose? +

216 tools across 4 categories: Destructive, Execute, Read, Write. 99 are read-only. 117 can modify, create, or delete data.

How do I enforce a policy on LocalAnt? +

Register the LocalAnt MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every LocalAnt tool call.

Deterministic rules across all 216 LocalAnt tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

216 LocalAnt tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.