Security Framework

41 tools. 3 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

3 can modify or destroy data
38 read-only
41 tools total

Community server · catalogue entry verified 12/06/2026

What Security Framework exposes to your agents

Read (38)
Write / Execute (2)
Destructive / Financial (0)
High Risk

The most dangerous Security Framework tools

3 of Security Framework's 41 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Security Framework

PolicyLayer is an MCP gateway — it sits between your AI agents and Security Framework, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "generate_checklist": {
    "limits": [
      {
        "counter": "generate_checklist_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "assess_mcp_security": {
    "limits": [
      {
        "counter": "assess_mcp_security_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Security Framework — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

All 41 Security Framework tools

READ 38 tools
Read assess_mcp_security: Assess an MCP server deployment against the OWASP MCP Top 10 security risks.
Read assess_stack: Given a technology stack, recommend relevant OWASP security guidelines, cheat sheets, and test cases.
Read compliance_map
Read cross_reference
Read database_status: Show local database availability, freshness, and path.
Read get_api_top10: Get OWASP API Security Top 10 2023 items with CWE mappings.
Read get_asvs
Read get_attack_pattern
Read get_cheatsheet: Get an OWASP Cheat Sheet by name, or list all available cheat sheets.
Read get_cve_detail: Fetch detailed information for a specific CVE from the live NVD database.
Read get_cwe: Look up a CWE (Common Weakness Enumeration) by ID with description and OWASP cross-references.
Read get_llm_top10: Get OWASP Top 10 for LLM Applications 2025 items with CWE mappings.
Read get_masvs
Read get_mcp_top10: Get OWASP Top 10 for MCP Servers 2025 — security risks specific to MCP deployments.
Read get_nice_roles
Read get_nist_cmvp
Read get_nist_control
Read get_nist_csf
Read get_nist_glossary: Look up NIST cybersecurity terms and definitions.
Read get_nist_mapping
Read get_nist_pf
Read get_nist_publication
Read get_nist_rmf: Get NIST SP 800-37 Risk Management Framework (RMF) steps, tasks, and key documents.
Read get_proactive_controls: Get OWASP Proactive Controls 2024 — defensive measures developers should implement.
Read get_project: Get detailed info for a specific OWASP project.
Read get_top10: Get OWASP Top 10 2021 items with CWE mappings.
Read get_wstg
Read list_projects
Read lookup_compliance
Read map_finding
Read nist_compliance_map
Read read_publication
Read search_cve
Read search_kev
Read search_nist
Read search_owasp
Read search_projects
Read triage_cve: Triage CVEs with EPSS scores, CVSS severity, and KEV status. Note: makes individual NVD API calls per CVE; exp

Questions about Security Framework

How do I prevent bulk modifications through Security Framework?

The Security Framework server has 2 write tools, including generate_checklist and update_database. Set a rate limit in your policy: for example, a limit of 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Security Framework.

How many tools does the Security Framework MCP server expose?

41 tools across 2 categories: Read, Write. 38 are read-only. 3 can modify, create, or delete data.

How do I enforce a policy on Security Framework?

Register the Security Framework MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Security Framework tool call.

Deterministic rules across all 41 Security Framework tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

41 Security Framework tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
