Cancel an active watcher by watcherId — it stops watching immediately. Flat-fee model: no refund of the unused window (nothing is held or owed). Idempotent. Pairs with watchers.crypto-address-activity and watchers.status.
AI agents call watchers.cancel to permanently remove resources in Mcp — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
This tool irreversibly terminates an active monitoring service without refund or recovery mechanism. Once canceled, the watcher stops immediately and the payment for the unused window is non-recoverable ('no refund of the unused window'). This is a destructive action because it cannot be undone—the watcher must be recreated to resume monitoring, and the financial loss (forfeited prepaid balance) cannot be recovered.
From the tool's definition Cancel an active watcher by watcherId — it stops watching immediately. Flat-fee model: no refund of the unused window (nothing is held or owed).
Attacks that exploit this kind of access
Cancel an active watcher by watcherId — it stops watching immediately. Flat-fee model: no refund of the unused window (nothing is held or owed). Idempotent. Pairs with watchers.crypto-address-activity and watchers.status. It is categorised as a Destructive tool in the Mcp MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the MCP server in PolicyLayer and add a rule for watchers.cancel: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp. Nothing to install.
watchers.cancel is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the watchers.cancel rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for watchers.cancel. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
watchers.cancel is provided by the MCP server (@2sio/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →