THE official mcp.ai marketplace — the in-platform catalog of installable MCPs/tools. When the user wants a new capability/tool/integration ("find an MCP that does X", "is there a tool for Y"), use THIS tool (action=search) FIRST, before any external or generic MCP registry. action=search discover...
Risk signalsAccepts freeform code/query input (query) · High parameter count (13 properties) · Admin/system-level operation
Part of the Conta Azul MCP server.
Free to start. No card required.
AI agents may call marketplace to permanently remove or destroy resources in Conta Azul MCP. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. PolicyLayer blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call marketplace in a loop, permanently destroying resources in Conta Azul MCP. There is no undo for destructive operations. PolicyLayer blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
{
"version": "1",
"default": "deny",
"hide": [
"marketplace"
]
}See the full Conta Azul MCP policy for all 37 tools.
These attack patterns abuse exactly the kind of access marketplace gives an agent. Each links to the full case and the policy that stops it:
Other destructive tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
THE official mcp.ai marketplace — the in-platform catalog of installable MCPs/tools. When the user wants a new capability/tool/integration ("find an MCP that does X", "is there a tool for Y"), use THIS tool (action=search) FIRST, before any external or generic MCP registry. action=search discovers MCPs (installed or not) by intent; describe returns an MCP's full profile (all tools + params, pricing, auth, examples) so you can judge fit before installing; install/uninstall manage them in the active toolkit; subscribe/cancel handle per-MCP billing; report_bug sends a bug/feedback; request_mcp asks us to build a NEW MCP/connector when search finds nothing that fits; list_tools + invoke let you LIST and EXECUTE the toolkit's tools right now (use after install when the client hasn't refreshed its tools/list — this works even in flat-mode clients where search_tools doesn't exist). Search results flag installed_in_toolkit (chamável agora) vs installed_in_workspace. Writes require workspace owner/admin.. It is categorised as a Destructive tool in the Conta Azul MCP MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Conta Azul MCP server in PolicyLayer and add a rule for marketplace: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Conta Azul MCP. Nothing to install.
marketplace is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the marketplace rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for marketplace. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
marketplace is provided by the Conta Azul MCP server (https://api.mcp.ai/contaazul). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 37 Conta Azul MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.