Initialize and populate empty AI_README files within a project. When to use: - First-time setup when no AI_README exists. - get_context_for_file reports empty or missing AI_README files. - Newly created directories need conventions recorded. - Multiple directories require conventions in one pass....
Risk signalsAdmin/system-level operation
Part of the Ai Readme server.
Free to start. No card required.
AI agents may call init_ai_readme to permanently remove or destroy resources in Ai Readme. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. PolicyLayer blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call init_ai_readme in a loop, permanently destroying resources in Ai Readme. There is no undo for destructive operations. PolicyLayer blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
{
"version": "1",
"default": "deny",
"hide": [
"init_ai_readme"
]
}See the full Ai Readme policy for all 6 tools.
These attack patterns abuse exactly the kind of access init_ai_readme gives an agent. Each links to the full case and the policy that stops it:
Other destructive tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
Initialize and populate empty AI_README files within a project. When to use: - First-time setup when no AI_README exists. - get_context_for_file reports empty or missing AI_README files. - Newly created directories need conventions recorded. - Multiple directories require conventions in one pass. What it does: - Scans for missing or empty AI_README documents. - Creates a root-level AI_README if none is present. - Provides directory-specific prompts to gather conventions. - Guides you through documenting tech stack, patterns, and naming. Workflow: - Call init_ai_readme. - Follow the step-by-step instructions to inspect each directory. - Use update_ai_readme to record the conventions. - Run validate_ai_readmes to check for problems. - Fix any warnings (remove redundant content, add Cross-directory dependencies section). - Re-run get_context_for_file to confirm coverage before coding.. It is categorised as a Destructive tool in the Ai Readme MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Ai Readme MCP server in PolicyLayer and add a rule for init_ai_readme: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Ai Readme. Nothing to install.
init_ai_readme is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the init_ai_readme rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for init_ai_readme. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
init_ai_readme is provided by the Ai Readme MCP server (ai-readme-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 6 Ai Readme tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.