Void a QBO invoice by ID. Memo is prefixed with \
AI agents call qbo_void_invoice to permanently remove resources in Kaizen Qbo — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
Voiding an invoice in QuickBooks Online is effectively irreversible: while the record remains, its financial effect is permanently nullified and it cannot be restored to its original state. This constitutes a destructive action with high blast radius since an AI agent could accidentally void legitimate outstanding invoices, disrupting accounts receivable and customer relationships.
From the tool's definition 'Void a QBO invoice by ID' — voiding an invoice is an irreversible financial accounting action that permanently nullifies the invoice record
Attacks that exploit this kind of access
Void a QBO invoice by ID. Memo is prefixed with \. It is categorised as a Destructive tool in the Kaizen Qbo MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Kaizen Qbo MCP server in PolicyLayer and add a rule for qbo_void_invoice: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Kaizen Qbo. Nothing to install.
qbo_void_invoice is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the qbo_void_invoice rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for qbo_void_invoice. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
qbo_void_invoice is provided by the Kaizen Qbo MCP server (kaizen-qbo-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →