Render a Mermaid diagram and insert it as an independent element OUTSIDE tables (HWPX only). Uses mermaid.ink API. Use after_table or after_header for easier positioning. ⚠️ WARNING: This tool ALWAYS inserts OUTSIDE tables. Even if after_header finds text inside a table cell, the diagram will b...
High parameter count (19 properties)
Part of the Hwpx MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents call render_mermaid to retrieve information from Hwpx without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though render_mermaid only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
tools:
render_mermaid:
rules:
- action: allowSee the full Hwpx policy for all 135 tools.
Agents calling read-class tools like render_mermaid have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Read risk category across the catalogue. The same policy patterns (rate-limit, allow) apply to each.
Render a Mermaid diagram and insert it as an independent element OUTSIDE tables (HWPX only). Uses mermaid.ink API. Use after_table or after_header for easier positioning. ⚠️ WARNING: This tool ALWAYS inserts OUTSIDE tables. Even if after_header finds text inside a table cell, the diagram will be placed AFTER the table, not inside it. 👉 To insert a Mermaid diagram INSIDE a table cell: 1. First use find_insert_position_after_header to check found_in 2. If found_in='table_cell', use render_mermaid_in_cell with the returned table_info (table_index, row, col) 3. If found_in='paragraph', use this render_mermaid tool. It is categorised as a Read tool in the Hwpx MCP Server, which means it retrieves data without modifying state.
Add a rule in your Intercept YAML policy under the tools section for render_mermaid. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Hwpx MCP server.
render_mermaid is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the render_mermaid rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for render_mermaid. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
render_mermaid is provided by the Hwpx MCP server (hwpx-mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.