Manage spell scrolls - D&D 5e rules for creation, identification, and usage. 📜 SCROLL WORKFLOW: 1. create - DM creates scroll item (spell, level, DC, attack bonus) 2. identify - Character identifies via Arcana check or Identify spell 3. check - Check if character can use (spell on class list?) 4...
AI agents use scroll_manage to create or update resources in Rpg — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Rpg environment.
This tool creates and modifies game state (scroll items in a SQLite-backed persistence layer). The 'use' action consumes the scroll, which is a state change within the game engine. While consumption is a form of deletion, it is a deliberate in-game mechanic (not irreversible data loss), and the primary operations are create/identify/check/use — all within a game context.
From the tool's definition Manage spell scrolls - creation, identification, and usage; 'create - DM creates scroll item', 'use - Cast from scroll (consumed on use)'
Documented attack patterns abuse exactly the kind of access scroll_manage gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Rpg, and nothing reaches the server without passing your rules. This is the rule we recommend for scroll_manage:
{
"version": "1",
"default": "deny",
"tools": {
"scroll_manage": {
"limits": [
{
"counter": "scroll_manage_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}scroll_manage stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Manage spell scrolls - D&D 5e rules for creation, identification, and usage. 📜 SCROLL WORKFLOW: 1. create - DM creates scroll item (spell, level, DC, attack bonus) 2. identify - Character identifies via Arcana check or Identify spell 3. check - Check if character can use (spell on class list?) 4. use - Cast from scroll (consumed on use) 🎲 USAGE RULES: - Spell on your class list: Auto-success, scroll consumed - Spell NOT on list: Arcana check DC 10 + spell level - Failed check: Scroll wasted! 📊 SCROLL STATS BY LEVEL: Level 0-1: DC 13, +5 attack | Level 2-3: DC 13-15, +5-7 Level 4-5: DC 15-17, +7-9 | Level 6+: DC 17+, +9+ Actions: use, create, identify, get_dc, get, check Aliases: cast→use, craft→create, id→identify. It is categorised as a Write tool in the Rpg MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Rpg MCP server in PolicyLayer and add a rule for scroll_manage: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Rpg. Nothing to install.
scroll_manage is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the scroll_manage rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for scroll_manage. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
scroll_manage is provided by the Rpg MCP server (mnehmos/mnehmos.rpg.mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Rpg, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
47 Rpg tools catalogued and risk-classified — across an index of 43,000+ MCP servers.