// MCP TOOL REFERENCE

Medium Risk

create_form

Create a new clarification form with a schema defining the fields. Returns form URLs and recipient UUIDs.

Risk signalsAccepts URL/endpoint input (webhook_url) · High parameter count (16 properties)

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents use create_form to create or modify resources in Let's Clarify. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

Without a policy, an AI agent could call create_form repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Let's Clarify.

RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "create_form": {
      "limits": [
        {
          "counter": "create_form_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full Let's Clarify policy for all 6 tools.

MORE LET'S CLARIFY TOOLS

Destructive delete_form Write add_recipients Write register Read get_results Read get_summary

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access create_form gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

OTHER WRITE TOOLS

Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

FAQ

What does the create_form tool do? +

Create a new clarification form with a schema defining the fields. Returns form URLs and recipient UUIDs.. It is categorised as a Write tool in the Let's Clarify MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on create_form? +

Register the Let's Clarify MCP server in PolicyLayer and add a rule for create_form: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Let's Clarify. Nothing to install.

What risk level is create_form? +

create_form is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit create_form? +

Yes. Add a rate_limit block to the create_form rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block create_form completely? +

Set action: deny in the PolicyLayer policy for create_form. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides create_form? +

create_form is provided by the Let's Clarify MCP server (letsclarify/letsclarify). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Let's Clarify tool call.

Deterministic rules across all 6 Let's Clarify tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE LET'S CLARIFY →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

create_form

// WHEN AGENTS USE THIS TOOL

// RECOMMENDED POLICY

// MORE LET'S CLARIFY TOOLS

// WHAT CAN GO WRONG

// OTHER WRITE TOOLS

// RELATED READING

// FAQ