render_set_env_var

Set an environment variable on a Render service.

Server UnClick @unclick/mcp-server
Category Write
Risk class Medium
Parameters 43 required

What render_set_env_var does on UnClick

AI agents use render_set_env_var to create or update resources in UnClick — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your UnClick environment.

ParameterTypeRequiredDescription
key string Yes Environment variable name
value string Yes Environment variable value
api_key string
service_id string Yes

Parameters from the server's own tool schema.

Why render_set_env_var needs a policy

This tool modifies configuration of a live Render service by setting environment variables. While technically a write operation (reversible in principle), environment variable changes can have significant security implications — exposing secrets, altering application behavior, or enabling privilege escalation — making the blast radius high.

From the tool's definition 'Set an environment variable on a Render service'

Risk signalsHandles credentials or secrets (api_key)

Questions about render_set_env_var

What does the render_set_env_var tool do? +

Set an environment variable on a Render service. It is categorised as a Write tool in the UnClick MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does render_set_env_var accept? +

render_set_env_var accepts 4 parameters: key, value, api_key, service_id. Required: key, value, service_id. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on render_set_env_var? +

Register the UnClick MCP server in PolicyLayer and add a rule for render_set_env_var: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches UnClick. Nothing to install.

What risk level is render_set_env_var? +

render_set_env_var is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit render_set_env_var? +

Yes. Add a rate_limit block to the render_set_env_var rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block render_set_env_var completely? +

Set action: deny in the PolicyLayer policy for render_set_env_var. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides render_set_env_var? +

render_set_env_var is provided by the UnClick MCP server (@unclick/mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.