Requests the next available task. Handles zombie recovery and re-entry.
AI agents use atp_claim_task to create or update resources in ATP Librarian MCP Server — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your ATP Librarian MCP Server environment.
While 'claim' sounds like a simple read operation, the phrase 'zombie recovery and re-entry' indicates this tool modifies task state (transitioning tasks from unclaimed to claimed, or from zombie to active states). This is a reversible modification (tasks can be unclaimed or reclaimed), making it Write rather than Execute.
From the tool's definition Tool performs 'claim' operation which modifies task state (marking a task as claimed/assigned), potentially handles 'zombie recovery' state transitions, and manages task re-entry logic—these are state-modifying operations on a task dependency graph.
Attacks that exploit this kind of access
Requests the next available task. Handles zombie recovery and re-entry. It is categorised as a Write tool in the ATP Librarian MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the ATP Librarian MCP Server MCP server in PolicyLayer and add a rule for atp_claim_task: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches ATP Librarian MCP Server. Nothing to install.
atp_claim_task is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the atp_claim_task rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for atp_claim_task. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
atp_claim_task is provided by the ATP Librarian MCP Server MCP server (manuelcecchetto/atp-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →