Take a Profit & Loss / Income Statement CSV export from QuickBooks Online, Xero, Zoho Books, or Wave (source auto-detected from section names) and run three checks: (1) pnl.subtotal_mismatch — each "Total Section" subtotal equals the sum of its preceding line items (catches missing or duplicated ...
AI agents call analyze_profit_loss to retrieve information from HelloBooks AI MCP Server without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
csvText | string | Yes | Raw CSV text of a Profit & Loss / Income Statement report. Works with QuickBooks Online (Reports → Profit and Loss), Xero (Reports → Profit and Loss), Zoho Book |
fileName | string | — | Optional filename for the share-page label. |
Parameters from the server's own tool schema.
This tool performs data validation and anomaly detection on an existing P&L report. It retrieves, parses, and analyzes financial data but produces no side effects—no accounts are updated, no transactions are posted, no records are deleted or overwritten. The worst misuse would be incorrect analysis output, not financial harm from the tool's actions. Thus it is Read with low severity.
From the tool's definition Tool analyzes and validates a P&L CSV export by running checks (subtotal_mismatch, negative_expense, margin_red_flag) without modifying data. It only 'run[s] three checks' and 'flags' issues.
Risk signalsAccepts file system path (fileName)
Attacks that exploit this kind of access
Take a Profit & Loss / Income Statement CSV export from QuickBooks Online, Xero, Zoho Books, or Wave (source auto-detected from section names) and run three checks: (1) pnl.subtotal_mismatch — each "Total Section" subtotal equals the sum of its preceding line items (catches missing or duplicated rows); (2) pnl.negative_expense — flags expense-section line items with negative amounts (usually sign-flips or refunds posted to the wrong side); (3) pnl.margin_red_flag — gross-profit margin < 5% or > 95%, or negative total revenue. Input is raw CSV text of a P&L report (Reports → Profit and Loss in QBO / Xero / Zoho / Wave). Max 5,000 rows; max 5 MB. Returns flags with severity, a summary with totalRevenue / totalCogs / grossProfit / grossMarginPct / netIncome (when detected), and a shareable URL at agents.hellobooks.ai/r/{slug}. Use this when a user pastes a P&L and asks "does my P&L look right?", "any sign errors?", "what is my gross margin?", or "anything suspicious in my income statement?". For period-over-period comparison use analyze_journal_variance with two periods of journal-entry data; this tool is single-period only. It is categorised as a Read tool in the HelloBooks AI MCP Server MCP Server, which means it retrieves data without modifying state.
analyze_profit_loss accepts 2 parameters: csvText, fileName. Required: csvText. The full parameter table on this page comes from the server's own tool schema.
Register the HelloBooks AI MCP Server MCP server in PolicyLayer and add a rule for analyze_profit_loss: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches HelloBooks AI MCP Server. Nothing to install.
analyze_profit_loss is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the analyze_profit_loss rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for analyze_profit_loss. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
analyze_profit_loss is provided by the HelloBooks AI MCP Server MCP server (Meru-Fin-Tech/HelloBooks-MCP-Public). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →