Self-register an x402 / MCP service in the agent-tools directory. Service owners and agents may submit new services here. Submissions are auto-reviewed instantly by x402 verification (no human gate): if the URL proves x402 payment support it is listed immediately and shows up in search; otherwise...
Risk signalsAccepts URL/endpoint input (url)
Part of the agent-tools (x402 + MCP + A2A directory) server.
Free to start. No card required.
AI agents use register to create or modify resources in agent-tools (x402 + MCP + A2A directory). Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call register repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach agent-tools (x402 + MCP + A2A directory).
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
{
"version": "1",
"default": "deny",
"tools": {
"register": {
"limits": [
{
"counter": "register_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}See the full agent-tools (x402 + MCP + A2A directory) policy for all 10 tools.
These attack patterns abuse exactly the kind of access register gives an agent. Each links to the full case and the policy that stops it:
Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Self-register an x402 / MCP service in the agent-tools directory. Service owners and agents may submit new services here. Submissions are auto-reviewed instantly by x402 verification (no human gate): if the URL proves x402 payment support it is listed immediately and shows up in search; otherwise it is rejected or retried automatically. Listing is FREE. Dedup: if a service with the same canonical origin (scheme://host) already exists in the directory we return its slug instead of creating a duplicate submission. Same goes for a still-pending submission with the same origin. Rate limit: at most 5 pending submissions per client IP per 24h. Hits beyond that get {error: rate_limited} — try again later or email contact@agent-tools.cloud for bulk imports. Args: url: Public HTTPS URL of the service (the x402-payable endpoint or its homepage). Required. name: Human-friendly name. Defaults to the URL hostname. description: One-paragraph description (max ~2000 chars). mcp_url: If the service speaks MCP, its streamable-http endpoint. category: Free-form (e.g. "defi", "search", "social"). Use list_categories to align with existing taxonomy. chains: Networks the service accepts payment on (e.g. ["base", "solana"]). price_min_usdc: Lower bound of per-call price in USDC. price_max_usdc: Upper bound of per-call price in USDC. contact: Optional email / handle the directory team can reach you on for clarifications.. It is categorised as a Write tool in the agent-tools (x402 + MCP + A2A directory) MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the agent-tools (x402 + MCP + A2A directory) MCP server in PolicyLayer and add a rule for register: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches agent-tools (x402 + MCP + A2A directory). Nothing to install.
register is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the register rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for register. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
register is provided by the agent-tools (x402 + MCP + A2A directory) MCP server (pypi:agent-tools-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 10 agent-tools (x402 + MCP + A2A directory) tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.