Compute design conditions, HDD/CDD, monthly stats, and peak heating/cooling days for one or more EPW files. Accepts a url (existing EPW), urls (compare 2+), or config (synthesize on the fly with morphing/UHI/events/smoke). Config mode runs the full generation pipeline server-side but returns only...
Risk signalsAccepts URL/endpoint input (url) · High parameter count (24 properties)
Part of the Epwforge Mcp server.
Free to start. No card required.
AI agents call analyze_weather to retrieve information from Epwforge Mcp without modifying any data. This is common in research, monitoring, and reporting workflows where the agent needs context before taking action. Because read operations don't change state, they are generally safe to allow without restrictions -- but you may still want rate limits to control API costs.
Even though analyze_weather only reads data, uncontrolled read access can leak sensitive information or rack up API costs. An agent caught in a retry loop could make thousands of calls per minute. A rate limit gives you a safety net without blocking legitimate use.
Read-only tools are safe to allow by default. No rate limit needed unless you want to control costs.
{
"version": "1",
"default": "deny",
"tools": {
"analyze_weather": {}
}
}See the full Epwforge Mcp policy for all 5 tools.
These attack patterns abuse exactly the kind of access analyze_weather gives an agent. Each links to the full case and the policy that stops it:
Other read tools across the catalogue. The same approach applies to each: allow, with a rate cap to control cost.
Compute design conditions, HDD/CDD, monthly stats, and peak heating/cooling days for one or more EPW files. Accepts a url (existing EPW), urls (compare 2+), or config (synthesize on the fly with morphing/UHI/events/smoke). Config mode runs the full generation pipeline server-side but returns only stats — never the EPW content. Token-saver: pass compact: true to get a ~10-field headline response (~100 tokens) instead of the full ~800-token payload. Use compact for sanity-checking, dashboards, or when chaining many calls; full when you need monthly arrays / peak days / full ASHRAE. Optional include_full_ashrae adds ASHRAE 0.4/1/2% cooling + 99.6/99% heating design conditions with mean coincident dewpoint. Optional include_improbability (config mode) adds a stress-test score. Optional include_idf adds ready-to-paste EnergyPlus SizingPeriod:DesignDay objects. Optional units ('imperial' default | 'metric'). Presentation: when calling with urls (multiple files), the response includes a comparisons array — render it as a markdown table to the user. Lead with the headline delta, not the raw data. No auth required; no credits charged.. It is categorised as a Read tool in the Epwforge Mcp MCP Server, which means it retrieves data without modifying state.
Register the Epwforge MCP server in PolicyLayer and add a rule for analyze_weather: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Epwforge Mcp. Nothing to install.
analyze_weather is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the analyze_weather rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for analyze_weather. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
analyze_weather is provided by the Epwforge MCP server (pypi:epwforge-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 5 Epwforge Mcp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.