Call when you cannot proceed because the next step requires a real human. USE WHEN you are blocked by: - Terms of Service or legal agreements requiring a natural person - Account creation that needs identity verification or CAPTCHA - Authentication requiring human identity (BankID, SMS 2FA, OAut...
Part of the NeedHuman MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use need_human to create or modify resources in NeedHuman. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call need_human repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach NeedHuman.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
need_human:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full NeedHuman policy for all 3 tools.
Agents calling write-class tools like need_human have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
Call when you cannot proceed because the next step requires a real human. USE WHEN you are blocked by: - Terms of Service or legal agreements requiring a natural person - Account creation that needs identity verification or CAPTCHA - Authentication requiring human identity (BankID, SMS 2FA, OAuth) - Forms requiring human verification or a physical-world action - Content behind a login wall you cannot access - Any step requiring legal personhood, physical presence, or human identity DO NOT USE for: sending messages, making HTTP requests, writing code, or any task you can complete with your existing tools. The human is a paid worker (billed per task), not your operator. Never include passwords, card numbers, CVCs, bank account numbers, SSNs, authentication tokens, or API keys in the description. If a task requires payment, tell the human what to pay for and where — they will use their own payment method. Format your description as numbered steps, one instruction per line. Put each URL on its own line. End with "REPLY WITH:" listing expected deliverables. Example: STEPS: 1. Create account at https://example.com/signup 2. Accept the terms of service. REPLY WITH: confirmation URL, account ID Typical completion: 2-30 minutes. Use check_task_status to poll. Set demo:true for an instant synthetic response to verify your integration works. No credits consumed.. It is categorised as a Write tool in the NeedHuman MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for need_human. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the NeedHuman MCP server.
need_human is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the need_human rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for need_human. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
need_human is provided by the NeedHuman MCP server (@needhuman/mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept