WHEN TO USE: To start a new monitoring scan for a project — sends prompts to all configured LLMs and collects responses.
AI agents invoke lbm_run_scan to trigger actions in LLM Brand Monitor. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
The tool triggers external API calls to multiple LLM services to execute configured prompts and gather data. While not destructive or financial, it performs an action with side effects (API calls, potential costs, rate-limit impacts, data generation) that cannot be undone once initiated. This fits Execute rather than Read (which would be passive querying) or Write (which would only modify local data).
From the tool's definition "sends prompts to all configured LLMs and collects responses" — this tool executes external operations (prompts sent to 350+ AI models) whose effects depend on arguments (which prompts, which models, project configuration).
Attacks that exploit this kind of access
WHEN TO USE: To start a new monitoring scan for a project — sends prompts to all configured LLMs and collects responses. It is categorised as a Execute tool in the LLM Brand Monitor MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the LLM Brand Monitor MCP server in PolicyLayer and add a rule for lbm_run_scan: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches LLM Brand Monitor. Nothing to install.
lbm_run_scan is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the lbm_run_scan rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for lbm_run_scan. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
lbm_run_scan is provided by the LLM Brand Monitor MCP server (@serpstat/llm-brand-monitor-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →