Call a specific MCP tool on a running Next.js development server. REQUIREMENTS: - Port number of the target Next.js dev server - Tool name to execute - Optional arguments object (if the tool requires parameters) Use 'nextjs_index' first to discover available servers, tools, and their input schema...
AI agents invoke nextjs_call to trigger actions in Next Devtools. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
args | string | — | |
port | string | — | Port number of the Next.js dev server (required). |
toolName | string | — | Name of the Next.js MCP tool to call (required). Use 'nextjs_index' first to discover available tool names. |
Parameters from the server's own tool schema.
This tool acts as a proxy executor, forwarding arbitrary tool calls to a running Next.js dev server. The actual effect depends on which tool is invoked, but the capability to execute arbitrary MCP tools on a live server represents significant execution power. The blast radius is high because it can trigger any tool available on the target server, potentially including destructive or write operations.
From the tool's definition 'Call a specific MCP tool on a running Next.js development server' and 'Tool name to execute' — this tool dynamically invokes arbitrary tools on a remote server
Attacks that exploit this kind of access
Call a specific MCP tool on a running Next.js development server. REQUIREMENTS: - Port number of the target Next.js dev server - Tool name to execute - Optional arguments object (if the tool requires parameters) Use 'nextjs_index' first to discover available servers, tools, and their input schemas. If 'nextjs_index' auto-discovery fails, ask the user for the port and call 'nextjs_index' again with the 'port' parameter. IMPORTANT: When calling tools: - The 'args' parameter MUST be an object (e.g., {key: "value"}), NOT a string - If a tool doesn't require arguments, OMIT the 'args' parameter entirely - do NOT pass {} or "{}" - Check the tool's inputSchema from 'nextjs_index' to see what arguments are required Common Next.js MCP tools include: - Error diagnostics (get compilation/runtime errors) - Route information (list all routes) - Build status (check compilation state) - Cache management (clear caches) - And more (varies by Next.js version) Example usage: 1. Call 'nextjs_index' to see servers and tools 2. Call 'nextjs_call' with port=3000, toolName="get_errors" to get errors from server on port 3000. It is categorised as a Execute tool in the Next Devtools MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
nextjs_call accepts 3 parameters: args, port, toolName. The full parameter table on this page comes from the server's own tool schema.
Register the Next Devtools MCP server in PolicyLayer and add a rule for nextjs_call: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Next Devtools. Nothing to install.
nextjs_call is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the nextjs_call rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for nextjs_call. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
nextjs_call is provided by the Next Devtools MCP server (next-devtools-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →