// MCP TOOL REFERENCE

CPANEL MCP SERVER TOOLS

164 tools from the cPanel MCP Server MCP Server, categorised by risk level.

View the cPanel MCP Server policy →
// ALL 164 CPANEL MCP SERVER TOOLS
READ 62 tools
Read check_feature Check if a specific feature is enabled for the account Read get_2fa_status Check if two-factor authentication is configured for the account Read get_account_info Get general server and account information Read get_account_stats Get general account statistics (email count, db count, domains, etc.) Read get_autossl_status Check AutoSSL status and pending requests Read get_bandwidth_usage Get bandwidth usage statistics for the account Read get_cron_email Get the email address for cron job notifications Read get_disk_usage Get account disk space usage summary (quota, used, limits) Read get_dns_records Get all DNS records for a zone/domain Read get_dnssec_ds_records Fetch DS records for a DNSSEC-enabled domain (needed for registrar configuration) Read get_domain_info Get detailed information about a specific domain Read get_email_routing Get email routing configuration for all mail domains Read get_error_log Get the most recent entries from the site error log Read get_ftp_port Get the FTP server port number Read get_git_deployment_status Get the deployment status of a Git repository Read get_greylisting_status Check if greylisting is enabled for the account Read get_hotlink_protection Get current hotlink protection settings Read get_modsecurity_status Check if ModSecurity (WAF) is installed and get domain status Read get_mysql_server_info Get MySQL server information and restrictions Read get_php_ini_directives Get current PHP INI directives for the account Read get_php_version_for_domain Get the current PHP version assigned to a domain Read get_resource_usage Get current resource usage (CPU, memory, I/O, entry processes) Read get_server_info Get server information (hostname, OS, IP addresses) Read get_spam_settings Get SpamAssassin settings and score threshold Read get_ssl_status Get SSL status for all domains on the account Read get_virus_scan_status Check the status of a running virus scan Read get_visitors_stats Get visitor/access statistics for a domain Read list_addon_domains List all addon domains Read list_api_tokens List all cPanel API tokens for the account Read list_autoresponders List all email autoresponders Read list_backups List available backups on the account Read list_blocked_ips List all blocked IP addresses Read list_cron_jobs List all cron jobs on the account Read list_directory_privacy List directories with password protection configured Read list_domains List all domains on the account (main, addon, sub, parked) Read list_email_accounts List all email accounts with disk usage info Read list_email_filters List all email filters for an account Read list_email_forwarders List all email forwarders Read list_features List all features available to the cPanel account Read list_files List files and directories in a specified path Read list_ftp_accounts List all FTP accounts with disk usage Read list_ftp_sessions List active FTP sessions Read list_git_repos List all Git repositories managed by cPanel Read list_infected_files List files detected as infected by ClamAV Read list_mysql_databases List all MySQL databases on the account Read list_mysql_users List all MySQL database users Read list_parked_domains List all parked/aliased domains Read list_passenger_apps List all registered Node.js/Python/Ruby applications Read list_php_versions List all installed PHP versions available on the server Read list_postgresql_databases List all PostgreSQL databases Read list_postgresql_users List all PostgreSQL users Read list_redirects List all URL redirects Read list_ssh_keys List all SSH keys on the account Read list_ssl_certificates List all installed SSL certificates Read list_ssl_keys List all SSL private keys on the account Read list_subdomains List all subdomains Read list_wordpress_installations List all WordPress installations managed by cPanel (requires WP Toolkit or Instance Manager on server) Read read_file Read the contents of a file Read validate_dkim Validate current DKIM configuration for all domains Read validate_ptr_records Validate current PTR (reverse DNS) records Read validate_spf Validate current SPF records for all domains Read export_dnssec_key Export a DNSSEC DNSKEY record for a domain
WRITE 64 tools
Write add_directory_user Add a user to a password-protected directory Write add_dns_record Add a DNS zone record (A, AAAA, CNAME, MX, TXT, SRV, CAA) Write authorize_ssh_key Authorize an SSH key for login Write block_ip Block an IP address or range Write change_email_password Change password for an email account Write change_email_quota Change mailbox quota for an email account Write change_ftp_password Change an FTP account password Write change_ftp_quota Change an FTP account Write create_addon_domain Create a new addon domain Write create_api_token Create a new cPanel API token with full access Write create_autoresponder Create an email autoresponder Write create_cron_job Create a new cron job Write create_database_backup Create a backup of a specific MySQL database Write create_email_account Create a new email account Write create_email_backup Create a backup of email configurations and data Write create_email_forwarder Create an email forwarder Write create_file Create a new file with specified content Write create_ftp_account Create a new FTP account Write create_full_backup Create a full account backup Write create_git_repo Create a new Git repository in cPanel Write create_homedir_backup Create a backup of the home directory files Write create_mysql_database Create a new MySQL database Write create_mysql_user Create a new MySQL database user Write create_parked_domain Park/alias a domain to the main domain Write create_postgresql_database Create a new PostgreSQL database Write create_postgresql_user Create a new PostgreSQL user Write create_redirect Create a URL redirect Write create_subdomain Create a new subdomain Write disable_dkim Disable DKIM for a domain Write disable_dnssec Disable DNSSEC for a domain Write disable_greylisting Disable greylisting for all domains Write disable_hotlink_protection Disable hotlink protection Write disable_spam_assassin Disable SpamAssassin spam filtering Write disable_spam_box Disable the spam box Write edit_cron_job Edit an existing cron job Write edit_dns_record Edit an existing DNS zone record Write edit_file Update the contents of an existing file Write enable_dkim Enable DKIM (DomainKeys Identified Mail) for a domain Write enable_dnssec Enable DNSSEC for a domain Write enable_greylisting Enable greylisting for all domains (delays first-time senders to block spam) Write enable_hotlink_protection Enable hotlink protection Write enable_modsecurity Enable ModSecurity (WAF) for all domains Write enable_modsecurity_domain Enable ModSecurity for specific domains Write enable_spam_assassin Enable SpamAssassin spam filtering for the account Write enable_spam_box Enable the spam box (auto-deliver spam to a separate folder) Write ensure_dkim_keys Ensure DKIM keys exist for all domains (generates missing keys) Write generate_2fa_config Generate a new two-factor authentication secret (returns QR code data) Write generate_ssl_csr Generate a Certificate Signing Request (CSR) Write import_ssh_key Import an SSH public or private key Write install_spf_records Install/update SPF records for all domains Write install_ssl_certificate Install an SSL certificate for a domain Write register_passenger_app Register a new Node.js, Python, or Ruby application Write rename_api_token Rename an existing API token Write restore_database_backup Restore a MySQL database from a backup file Write restore_file_backup Restore a file from a backup Write set_2fa Enable two-factor authentication with a secret and verification code Write set_cron_email Set the email address for cron job notifications Write set_dnssec_nsec3 Enable NSEC3 for a DNSSEC domain (prevents zone enumeration) Write set_mysql_privileges Set privileges for a MySQL user on a database Write set_php_ini_directives Set PHP INI directives (e.g., memory_limit, upload_max_filesize) Write set_php_version_for_domain Set the PHP version for a domain Write set_postgresql_privileges Grant a PostgreSQL user access to a database Write unblock_ip Unblock a previously blocked IP address Write unset_dnssec_nsec3 Disable NSEC3 for a DNSSEC domain (revert to NSEC)
DESTRUCTIVE 28 tools
Destructive clear_spam_box Clear all messages from the SpamAssassin spam box Destructive deauthorize_ssh_key Deauthorize an SSH key (revoke login access) Destructive delete_addon_domain Delete an addon domain Destructive delete_autoresponder Delete an email autoresponder Destructive delete_cron_job Delete a cron job Destructive delete_dns_record Delete a DNS zone record by line number Destructive delete_email_account Delete an email account Destructive delete_email_filter Delete an email filter Destructive delete_email_forwarder Delete an email forwarder Destructive delete_file Delete a file or directory Destructive delete_ftp_account Delete an FTP account Destructive delete_git_repo Delete a Git repository from cPanel Destructive delete_mysql_database Delete a MySQL database Destructive delete_mysql_user Delete a MySQL database user Destructive delete_parked_domain Remove a parked/aliased domain Destructive delete_postgresql_database Delete a PostgreSQL database Destructive delete_postgresql_user Delete a PostgreSQL user Destructive delete_redirect Delete a URL redirect Destructive delete_ssh_key Delete an SSH key Destructive delete_ssl_certificate Delete/uninstall an SSL certificate from a domain Destructive delete_subdomain Delete a subdomain Destructive remove_2fa Remove/disable two-factor authentication from the account Destructive revoke_api_token Revoke/delete an API token Destructive revoke_mysql_privileges Revoke all privileges for a MySQL user on a database Destructive revoke_postgresql_privileges Revoke a PostgreSQL user Destructive unregister_passenger_app Unregister/remove a Node.js, Python, or Ruby application Destructive disinfect_files Quarantine/disinfect files detected as infected Destructive kill_ftp_session Terminate an active FTP session
EXECUTE 10 tools
Execute deploy_git_repo Deploy a Git repository (trigger deployment via .cpanel.yml) Execute start_virus_scan Start a ClamAV virus scan on a directory (requires ClamAV plugin on server) Execute trigger_autossl Trigger an AutoSSL check/renewal for the account Execute disable_modsecurity Disable ModSecurity (WAF) for all domains Execute disable_modsecurity_domain Disable ModSecurity for specific domains Execute disable_passenger_app Disable/stop a registered application Execute enable_passenger_app Enable/start a registered application Execute ensure_passenger_deps Install/update dependencies for a registered application (npm install, pip install, etc.) Execute trace_email_filter Test email filters against a message to see which rules match Execute update_git_repo Pull/update a Git repository

Route cPanel MCP Server through PolicyLayer and every one of its 164 tools is checked against your policy before it runs.

CHECK YOUR STACK →

See every tool, the dangerous ones, and the token cost across your stack.

// FAQ
How many tools does the cPanel MCP Server MCP server have? +

The cPanel MCP Server MCP server exposes 164 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on cPanel MCP Server tools? +

Route the cPanel MCP Server server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do cPanel MCP Server tools fall into? +

cPanel MCP Server tools are categorised as Read (62), Write (64), Destructive (28), Execute (10). Each category has a recommended default policy.

Enforce policy on every cPanel MCP Server tool call.

Start from cPanel MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.