8 tools from the Hal MCP Server, categorised by risk level.
View the Hal policy →http-get Make an HTTP GET request to a specified URL. Supports secret substitution using {secrets.key} syntax where 'key' corresponds to HAL_SECRET_KEY envi... list-secrets Get a list of available secret keys that can be used with {secrets.key} syntax. Only shows the key names, never the actual secret values. http-head Make an HTTP HEAD request to a specified URL with optional headers (returns only headers, no body). Supports secret substitution using {secrets.key... 2/5 http-options Make an HTTP OPTIONS request to a specified URL to check available methods and headers. Supports secret substitution using {secrets.key} syntax in ... 2/5 http-patch Make an HTTP PATCH request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, heade... 3/5 http-post Make an HTTP POST request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, header... 3/5 http-put Make an HTTP PUT request to a specified URL with optional body and headers. Supports secret substitution using {secrets.key} syntax in URL, headers... 3/5 The Hal MCP server exposes 8 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Hal server.
Hal tools are categorised as Read (2), Write (5), Destructive (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept