// SCAN REPORT

ZMCPTools

70 tools. 43 can modify or destroy data without limits.

13 destructive tools with no built-in limits. Policy required.

Last updated:

43 can modify or destroy data
27 read-only
70 tools total

Community server · catalogue entry verified 11/06/2026

How to control ZMCPTools ↓

TOOL MAP

Read (27) Write / Execute (30) Destructive / Financial (13)

MOST DANGEROUS TOOLS

Critical Risk
Destructive · Medium cancel_scrape_job Cancelling a job is an irreversible operation — once a scraping job is cancelled, any progress and queued work is lost and cannot be resumed. Destructive · High delete_all_website_pages This tool irreversibly deletes data at scale (all pages for a website). Destructive · High delete_execution_plan This tool permanently removes execution plans from the system. Destructive · High delete_pages_by_ids This tool permanently removes pages from the system based on provided IDs.

43 of ZMCPTools's 70 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL ZMCPTOOLS

PolicyLayer is an MCP gateway — it sits between your AI agents and ZMCPTools, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_scrape_job": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "join_room": {
    "limits": [
      {
        "counter": "join_room_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "navigate_dom_path": {
    "limits": [
      {
        "counter": "navigate_dom_path_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register ZMCPTools — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON ZMCPTOOLS →

Free to start. No card required.

ALL 70 ZMCPTOOLS TOOLS

DESTRUCTIVE 13 tools
Destructive cancel_scrape_job Cancel an active or pending scraping job Destructive delete_all_website_pages Delete all pages for a website (useful for clean slate before re-scraping) Destructive delete_execution_plan Delete an execution plan by ID Destructive delete_pages_by_ids Delete specific pages by their IDs Destructive delete_pages_by_pattern Delete website pages matching URL patterns (useful for cleaning up version URLs, static assets) Destructive delete_room Permanently delete a communication room and all its messages Destructive force_unlock_job Force unlock a stuck scraping job - useful for debugging and recovery Destructive remove_file_analysis Remove analysis data for a deleted file from the TreeSummary system Destructive run_comprehensive_cleanup Run comprehensive cleanup for both agents and rooms with detailed reporting Destructive cleanup_orphaned_projects Clean up orphaned or unused project directories Destructive cleanup_stale_agents Clean up stale agents with enhanced options and optional room cleanup Destructive cleanup_stale_analyses Clean up stale analysis files older than specified days Destructive cleanup_stale_rooms Clean up stale rooms based on activity and participant criteria
EXECUTE 15 tools
Execute force_unlock_stuck_jobs Force unlock all stuck scraping jobs (jobs that haven\ Execute execute_browser_script [LEGACY] Execute JavaScript in the browser context. Use interact_with_page instead. Execute execute_with_plan Execute an objective using a pre-created execution plan with well-defined agent tasks Execute navigate_and_scrape Navigate to a URL and optionally scrape content in one operation. Auto-creates session if needed. Execute navigate_to_url [LEGACY] Navigate to a URL in an existing browser session. Use navigate_and_scrape instead. Execute orchestrate_objective_structured Execute structured phased orchestration with intelligent model selection (Research → Plan → Execute → Monitor Execute broadcast_message_to_agents Broadcast a message to multiple agents with auto-resume functionality Execute continue_agent_session Continue an agent session using stored conversation session ID with additional instructions Execute interact_with_element [LEGACY] Interact with a page element. Use interact_with_page instead. Execute interact_with_page Perform multiple interactions with a page: click, type, hover, select, screenshot, wait, scroll Execute orchestrate_objective Spawn architect agent to coordinate multi-agent objective completion Execute scrape_documentation Scrape documentation from a website using intelligent sub-agents. Jobs are queued and processed automatically Execute spawn_agent Spawn fully autonomous Claude agent with complete tool access Execute create_browser_session Create a new browser session with intelligent auto-close and session management Execute manage_browser_sessions Manage browser sessions: list, close, cleanup idle sessions, get status
WRITE 15 tools
Write join_room Join communication room for coordination Write report_progress Report progress updates for agent tasks and status changes Write store_knowledge_memory Store a knowledge graph memory with entity creation Write close_browser_session [LEGACY] Close a browser session. Use manage_browser_sessions instead. Write close_room Close a communication room (soft delete - marks as closed but keeps data) Write create_delayed_room Create a delayed room for coordination when agents realize they need it Write create_execution_plan Create comprehensive execution plan using sequential thinking before spawning agents Write create_knowledge_relationship Create a relationship between two entities in the knowledge graph Write create_task Create and assign task to agents with enhanced capabilities Write easy_replace Fuzzy string replacement in files with smart matching Write send_message Send message to coordination room Write terminate_agent Terminate one or more agents Write update_execution_plan Update an execution plan\ Write update_file_analysis Update or create analysis data for a specific file in the TreeSummary system Write update_project_metadata Update project metadata in the TreeSummary system
READ 27 tools
Read navigate_dom_path Navigate to specific elements in DOM JSON using dot notation paths (e.g., Read wait_for_messages Wait for messages in a room Read analyze_coordination_patterns Analyze coordination patterns and suggest improvements Read analyze_dom_structure AI-guided exploration and analysis of DOM structure using goal-oriented patterns. Analyzes stored DOM JSON to Read analyze_file_symbols Extract and analyze symbols (functions, classes, etc.) from code files Read analyze_project_structure Analyze project structure and generate a comprehensive overview Read analyze_screenshot AI-powered analysis of page screenshots with custom prompts. Can focus on specific regions and provide context Read find_files Search for files by pattern with optional content matching Read find_related_entities Find related entities through relationship traversal Read get_cleanup_configuration Get current cleanup configuration and settings for agents and rooms Read get_execution_plan Retrieve a previously created execution plan Read get_page_screenshot Retrieve stored screenshot for a page. Returns file path or base64 encoded image data for AI visual analysis. Read get_project_overview Get comprehensive project overview from TreeSummary analysis Read get_scraping_status Get status of active and recent scraping jobs (worker runs automatically) Read list_agents Get list of active agents Read list_browser_sessions [LEGACY] List all browser sessions. Use manage_browser_sessions instead. Read list_documentation_sources List all configured documentation sources Read list_execution_plans List execution plans for discovery and monitoring Read list_files List files in a directory with smart ignore patterns Read list_room_messages List messages from a specific room with pagination Read list_rooms List communication rooms with filtering and pagination Read monitor_agents Monitor agents with real-time updates using EventBus system Read scrape_content [LEGACY] Scrape content from the current page. Use navigate_and_scrape instead. Read search_dom_elements Search for DOM elements by type, content, keywords, or attributes. Returns matching elements with their paths Read search_knowledge_graph Search the knowledge graph using semantic or basic search Read take_screenshot [LEGACY] Take a screenshot of the current page. Use interact_with_page instead. Read generate_project_summary Generate AI-optimized project overview and analysis

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
adminautomation
Binance MCP Server 734 tools
adminautomation
Nodebench 724 tools
adminautomation
GoHighLevel MCP Server 566 tools
adminautomation
UnClick 451 tools
adminautomation
NowAIKit — ServiceNow AI Toolkit 446 tools
adminautomation
Mcp Windows 441 tools
adminautomation
0nmcp 407 tools
adminautomation

FAQ

Can an AI agent delete data through the ZMCPTools MCP server? +

Yes. The ZMCPTools server exposes 13 destructive tools including cancel_scrape_job, delete_all_website_pages, delete_execution_plan. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through ZMCPTools? +

The ZMCPTools server has 15 write tools including join_room, report_progress, store_knowledge_memory. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach ZMCPTools.

How many tools does the ZMCPTools MCP server expose? +

70 tools across 4 categories: Destructive, Execute, Read, Write. 27 are read-only. 43 can modify, create, or delete data.

How do I enforce a policy on ZMCPTools? +

Register the ZMCPTools MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every ZMCPTools tool call.

Deterministic rules across all 70 ZMCPTools tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON ZMCPTOOLS →

Free to start. No card required.

70 ZMCPTools tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.