Track a revenue event in Amplitude
AI agents use amplitude_track_revenue to commit financial operations through Amplitude MCP Server — usually the final step of a payment, billing, or trading workflow. A call moves real money.
While this tool tracks/records revenue events in Amplitude analytics rather than directly moving money, it commits financial data to the system and could be used to falsify or manipulate revenue records. The server description explicitly mentions 'track revenue' as a financial capability.
From the tool's definition 'Track a revenue event in Amplitude' - the tool explicitly tracks revenue, which records financial transactions in the analytics system
Documented attack patterns abuse exactly the kind of access amplitude_track_revenue gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Amplitude MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for amplitude_track_revenue:
{
"version": "1",
"default": "deny",
"tools": {
"amplitude_track_revenue": {
"deny_if": [
{
"conditions": [],
"on_deny": "Requires human approval."
}
]
}
}
}Any call to amplitude_track_revenue is blocked until a human approves it. The rest of the server keeps working.
Free to start. No card required.
Track a revenue event in Amplitude. It is categorised as a Financial tool in the Amplitude MCP Server MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the Amplitude MCP Server MCP server in PolicyLayer and add a rule for amplitude_track_revenue: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Amplitude MCP Server. Nothing to install.
amplitude_track_revenue is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the amplitude_track_revenue rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for amplitude_track_revenue. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
amplitude_track_revenue is provided by the Amplitude MCP Server MCP server (moonbirdai/amplitude-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Amplitude MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
5 Amplitude MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.