AI agents use add_user_list_attribute_values to create or update resources in AdButler — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your AdButler environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
values | array | — | Values to add |
user_id | string | Yes | User ID |
user_db_id | number | Yes | User database ID |
list_attribute_name | string | Yes | List attribute name |
Parameters from the server's own tool schema.
This tool modifies user attributes by adding values to a list, which is a write operation. It is reversible (values can be removed or corrected), so it is not Destructive. The severity is medium because modifying user attributes in an advertising platform could affect campaign targeting, billing, or user data integrity, but the blast radius is limited to individual user records rather than system-wide data.
From the tool's definition Tool description states 'Add values to a list attribute for a user' — this creates or modifies user data. The sibling tools include bulk upload operations and archive functions, indicating this server manages advertising campaign data.
Attacks that exploit this kind of access
Add values to a list attribute for a user. It is categorised as a Write tool in the AdButler MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
add_user_list_attribute_values accepts 4 parameters: values, user_id, user_db_id, list_attribute_name. Required: user_id, user_db_id, list_attribute_name. The full parameter table on this page comes from the server's own tool schema.
Register the AdButler MCP server in PolicyLayer and add a rule for add_user_list_attribute_values: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches AdButler. Nothing to install.
add_user_list_attribute_values is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the add_user_list_attribute_values rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for add_user_list_attribute_values. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
add_user_list_attribute_values is provided by the AdButler MCP server (adbutler/mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →