// MCP TOOL REFERENCE
Medium Risk

intel_agent

Probes a domain for known AI agent integration signals: llms.txt, ai.txt, /.well-known/ai-plugin.json, openapi.json, swagger.json, MCP manifest, MCP SSE endpoint. Returns a score based on the count of signals detected. Use this to assess whether a domain is ready for agent-to-agent interaction. U...

Part of the TunnelMind Data API server.

intel_agent can modify TunnelMind Data API data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE TUNNELMIND DATA API →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents use intel_agent to create or modify resources in TunnelMind Data API. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

Without a policy, an AI agent could call intel_agent repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach TunnelMind Data API.

RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "intel_agent": {
      "limits": [
        {
          "counter": "intel_agent_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full TunnelMind Data API policy for all 54 tools.

Get this rule live on your own TunnelMind Data API server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY TUNNELMIND DATA API →

MORE TUNNELMIND DATA API TOOLS

Destructive cancel_task Destructive revoke_api_key Write audit_export Write generate_receipt Write intel_http Write intel_inject Write sigil_ads_txt_history Write sigil_atap_register_ait

View all 54 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access intel_agent gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so intel_agent only ever does what you allow.

SECURE TUNNELMIND DATA API →

OTHER WRITE TOOLS

Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

RELATED READING

FAQ

What does the intel_agent tool do? +

Probes a domain for known AI agent integration signals: llms.txt, ai.txt, /.well-known/ai-plugin.json, openapi.json, swagger.json, MCP manifest, MCP SSE endpoint. Returns a score based on the count of signals detected. Use this to assess whether a domain is ready for agent-to-agent interaction. Use this tool when: - You want to know whether a domain exposes an MCP server or OpenAPI spec for agents. - You are cataloguing the AI-agent-ready surface of a set of domains. - You need to decide whether to attempt programmatic API access to a domain. Do NOT use this tool when: - You need tracker/surveillance data about the domain — use get_domain instead. - You need the robots.txt AI crawler policy — use intel_robots instead. - You need HTTP security posture — use intel_http instead. Inputs: - domain (query, required): Domain to probe. Returns: - Boolean flags per signal (llms_txt, ai_plugin, openapi, mcp_manifest, mcp_endpoint, mcp_sse). - agent_surface_score: integer 0-8, count of signals detected. Cost: - Free. No API key required. Latency: - Typical: 2-5s (parallel probes), p99: 8s.. It is categorised as a Write tool in the TunnelMind Data API MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on intel_agent? +

Register the TunnelMind Data API MCP server in PolicyLayer and add a rule for intel_agent: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches TunnelMind Data API. Nothing to install.

What risk level is intel_agent? +

intel_agent is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit intel_agent? +

Yes. Add a rate_limit block to the intel_agent rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block intel_agent completely? +

Set action: deny in the PolicyLayer policy for intel_agent. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides intel_agent? +

intel_agent is provided by the TunnelMind Data API MCP server (https://mcp-data.tunnelmind.ai/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every TunnelMind Data API tool call.

Deterministic rules across all 54 TunnelMind Data API tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE TUNNELMIND DATA API →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.