View and manage documents with metadata support
AI agents use document-viewer to create or update resources in IMCP - Insecure Model Context Protocol — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your IMCP - Insecure Model Context Protocol environment.
The tool name includes 'viewer' suggesting read operations, but the description explicitly includes 'manage documents' which implies write capabilities such as editing metadata or modifying documents. Given IMCP is a deliberately vulnerable framework (DVWA for AI Security), this tool likely exposes insecure document management operations. The 'manage' verb elevates this above a pure Read classification.
From the tool's definition 'View and manage documents with metadata support' - 'manage' implies write/modification capabilities beyond read-only viewing
Attacks that exploit this kind of access
View and manage documents with metadata support. It is categorised as a Write tool in the IMCP - Insecure Model Context Protocol MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the IMCP - Insecure Model Context Protocol MCP server in PolicyLayer and add a rule for document-viewer: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches IMCP - Insecure Model Context Protocol. Nothing to install.
document-viewer is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the document-viewer rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for document-viewer. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
document-viewer is provided by the IMCP - Insecure Model Context Protocol MCP server (nav33n25/imcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →