The Printr MCP server exposes tools that can move money, delete data, or destroy resources. Without policy enforcement, an autonomous agent has unrestricted access to every one of them.
Financial operations (printr_transfer) can move real money. An agent caught in a loop could drain accounts before anyone notices.
Destructive tools (printr_wallet_bulk_remove, printr_wallet_remove) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.
Write operations (printr_create_token, printr_open_web_signer, printr_set_treasury_wallet) modify state. Without rate limits, an agent can make hundreds of changes in seconds -- faster than any human can review or revert.
Execute tools (printr_drain_deployment_wallet, printr_fund_deployment_wallet, printr_launch_token) trigger processes with side effects. Builds, notifications, workflows -- all fired without throttling.
These Printr tools can modify, create, or destroy resources. Without a policy, your agent has unrestricted access to all of them.
printr_create_token Create a new token on Printr. Returns an UNSIGNED transaction payload that must be signed by the creator's wallet and submitted on-chain. The payload will be EVM calldata or Solana instructions depending on the home chain. You need separate wallet infrastructure to sign and submit the transaction. Use printr_quote first to estimate costs. Supply image (base64) or image_path (local file path — auto-compressed). If neither is provided and OPENROUTER_API_KEY is set, an image is generated from the token name, symbol, and description. The response includes a token_id (telecoin ID, hex) which can be used to construct the trade page URL: https://app.printr.money/trade/{token_id}. Present this URL to the user after the transaction is confirmed. Write printr_open_web_signer Starts an ephemeral local signing session and returns a deep link to the Printr web app where the user can sign the transaction using their browser wallet (MetaMask / Phantom). Call this after printr_create_token when the user wants to sign via browser rather than providing a raw private key. Present the returned URL to the user and ask them to open it. After the user confirms they have signed, proceed to poll printr_get_deployments. Write printr_set_treasury_wallet Set a keystore wallet as the treasury wallet for funding deployment wallets. Once set, printr_fund_deployment_wallet and printr_drain_deployment_wallet will use this wallet instead of requiring environment variables. The treasury wallet persists for the session (until the MCP server restarts). Use printr_wallet_new or printr_wallet_import to add wallets first. Write printr_sign_and_submit_evm Sign and submit an EVM transaction payload returned by printr_create_token. If no private_key is provided, the user will be prompted to select or provision a wallet. Returns the transaction hash and receipt once confirmed. After successful confirmation, present the trade page URL to the user: https://app.printr.money/trade/{token_id} using the token_id from the prior printr_create_token call. Write printr_sign_and_submit_svm Sign and submit a Solana transaction payload returned by printr_create_token. If no private_key is provided, the user will be prompted to select or provision a wallet. Returns the transaction signature once confirmed. After successful confirmation, present the trade page URL to the user: https://app.printr.money/trade/{token_id} using the token_id from the prior printr_create_token call. Write printr_wallet_import Import an existing private key as the active wallet for its chain. Optionally encrypt and save it to the local keystore by providing a label and password. The wallet is set active immediately. Write printr_wallet_unlock Decrypt a stored keystore wallet with its password and set it as the active wallet for its chain type. Once unlocked, signing tools use it automatically for the rest of the session (until the MCP server restarts). Write printr_transfer Transfer native tokens (ETH, SOL, BNB, etc.) to another address. Uses the active wallet from printr_wallet_unlock if no private_key is provided. Financial printr_wallet_bulk_remove Remove multiple wallets from the local keystore at once. Does not affect active wallets for the current session. Destructive printr_wallet_remove Remove a wallet from the local keystore. Does not affect the active wallet for the current session. Destructive printr_drain_deployment_wallet Drain remaining funds from a deployment wallet back to the treasury. NOTE: drain runs automatically inside printr_launch_token — only call this tool manually to recover a stuck wallet (e.g. after a crash or if printr_launch_token was not called). Automatically calculates gas fees and drains the maximum possible amount. Can recover wallets after MCP restart using persisted state and PRINTR_DEPLOYMENT_PASSWORD. Execute printr_fund_deployment_wallet Create a fresh deployment wallet and fund it from the treasury wallet. Uses the SVM_WALLET_PRIVATE_KEY or EVM_WALLET_PRIVATE_KEY environment variable as the funding source. The new wallet is set as the active wallet for signing. Use this before printr_launch_token to deploy tokens without exposing the treasury. Requires PRINTR_DEPLOYMENT_PASSWORD to be set for wallet encryption. Execute printr_launch_token Create a token and sign it in one call — collapses printr_create_token + printr_sign_and_submit_evm/svm or printr_open_web_signer into a single round-trip. Supply image (base64) or image_path (auto-compressed). If neither is provided and OPENROUTER_API_KEY is set, an image is auto-generated. With private_key: token is created and submitted on-chain immediately. Without private_key: token is created and a browser signing URL is returned. After submission, present the trade page URL: https://app.printr.money/trade/{token_id}. Execute printr_wallet_new Generate a new wallet keypair for the given chain, encrypt it with a password, and save it to the local keystore (~/.printr/wallets.json). Returns the new address and wallet ID. The wallet is immediately set as the active wallet for its chain type. Fund the address with native tokens before signing transactions. Execute These rules are based on the tool categories exposed by the Printr MCP server. Adjust the limits to match your use case.
printr_transfer:
rules:
- action: deny
on_deny: "Financial operations require approval" Financial tools should be explicitly enabled per use case, not open by default.
printr_wallet_bulk_remove:
rules:
- action: deny
on_deny: "Destructive operations blocked by policy" Destructive tools should never be available to autonomous agents without human approval.
printr_create_token:
rules:
- name: "write-rate-limit"
rate_limit: 30/hour
on_deny: "Write rate limit reached" Prevents bulk unintended modifications from agents caught in loops.
printr_claim_fees:
rules:
- action: allow
rate_limit: 60/minute Controls API costs and prevents retry loops from exhausting upstream rate limits.
This is the complete policy file for Printr. It lists every tool with suggested default rules. Download it, adjust the limits, and run with Intercept.
version: "1" default: "deny" tools: printr_wallet_bulk_remove: rules: - action: deny on_deny: "Destructive operation blocked by policy" printr_wallet_remove: rules: - action: deny on_deny: "Destructive operation blocked by policy" printr_drain_deployment_wallet: rules: - action: allow rate_limit: 10/hour validate: required_args: true printr_fund_deployment_wallet: rules: - action: allow rate_limit: 10/hour validate: required_args: true printr_launch_token: rules: - action: allow rate_limit: 10/hour validate: required_args: true printr_wallet_new: rules: - action: allow rate_limit: 10/hour validate: required_args: true printr_transfer: rules: - action: deny on_deny: "Financial operation requires approval" printr_claim_fees: rules: - action: allow rate_limit: 60/minute printr_get_balance: rules: - action: allow rate_limit: 60/minute printr_get_creator_fees: rules: - action: allow rate_limit: 60/minute printr_get_deployments: rules: - action: allow rate_limit: 60/minute printr_get_token: rules: - action: allow rate_limit: 60/minute printr_get_token_balance: rules: - action: allow rate_limit: 60/minute printr_quote: rules: - action: allow rate_limit: 60/minute printr_supported_chains: rules: - action: allow rate_limit: 60/minute printr_wallet_list: rules: - action: allow rate_limit: 60/minute printr_create_token: rules: - action: allow rate_limit: 30/hour printr_open_web_signer: rules: - action: allow rate_limit: 30/hour printr_set_treasury_wallet: rules: - action: allow rate_limit: 30/hour printr_sign_and_submit_evm: rules: - action: allow rate_limit: 30/hour printr_sign_and_submit_svm: rules: - action: allow rate_limit: 30/hour printr_wallet_import: rules: - action: allow rate_limit: 30/hour printr_wallet_unlock: rules: - action: allow rate_limit: 30/hour
Download the policy
curl -o io-github-printrfi-printr.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/io-github-printrfi-printr.yaml
Run Intercept in front of the server
intercept -c io-github-printrfi-printr.yaml -- npx -y @@printr/mcp
Works with any MCP client:
Every tool call is now checked against your policy before it reaches Printr. Denied calls are blocked and logged. Allowed calls pass through with no latency impact.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept