// MCP TOOL REFERENCE
Medium Risk

onui_update_annotation_metadata

Update metadata for a single annotation (status/intent/severity/comment).

How to control onui_update_annotation_metadata ↓

WHAT ONUI_UPDATE_ANNOTATION_METADATA ON ONUI DOES

AI agents use onui_update_annotation_metadata to create or update resources in onUI — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your onUI environment.

THE RISK

Medium Risk

This is a Write operation because it creates or modifies data reversibly—updating annotation metadata is a non-destructive change that can be undone or corrected. The severity is medium because misuse could corrupt or spam annotation metadata across UI elements, affecting team workflows, but does not irreversibly delete data or access sensitive financial/authentication systems.

From the tool's definition Tool name includes 'update' and description states it modifies metadata fields (status/intent/severity/comment) for annotations.

Documented attack patterns abuse exactly the kind of access onui_update_annotation_metadata gives an agent:

HOW TO CONTROL ONUI_UPDATE_ANNOTATION_METADATA

PolicyLayer is an MCP gateway — it sits between your AI agents and onUI, and nothing reaches the server without passing your rules. This is the rule we recommend for onui_update_annotation_metadata:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "onui_update_annotation_metadata": {
      "limits": [
        {
          "counter": "onui_update_annotation_metadata_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

onui_update_annotation_metadata stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.

  1. Create a free account and register onUI — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More onUI tools

Destructive onui_clear_page_annotations Delete all annotations for a specific page URL. Destructive onui_delete_annotation Delete a single annotation by id. Write onui_bulk_update_annotation_metadata Bulk update metadata for multiple annotations. Read onui_get_annotations Get annotations for a specific page URL. Read onui_get_report Generate annotation report in compact/standard/detailed/forensic format. Read onui_list_pages List pages that have onUI annotations in the local store. Read onui_search_annotations Search annotations across the local store with optional filters.

All 8 onUI tools →

Write tools on other servers

Frida Game Hacking MCP resolve_symbol MegaMemory create_concept Pentest Ai close_engagement Firecrawl Web Scraping Server firecrawl_generate_llmstxt

Go deeper

FAQ

What does the onui_update_annotation_metadata tool do? +

Update metadata for a single annotation (status/intent/severity/comment). It is categorised as a Write tool in the onUI MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on onui_update_annotation_metadata? +

Register the onUI MCP server in PolicyLayer and add a rule for onui_update_annotation_metadata: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches onUI. Nothing to install.

What risk level is onui_update_annotation_metadata? +

onui_update_annotation_metadata is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit onui_update_annotation_metadata? +

Yes. Add a rate_limit block to the onui_update_annotation_metadata rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block onui_update_annotation_metadata completely? +

Set action: deny in the PolicyLayer policy for onui_update_annotation_metadata. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides onui_update_annotation_metadata? +

onui_update_annotation_metadata is provided by the onUI MCP server (onllm-dev/onui). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every onUI tool call.

Deterministic rules across all 8 onUI tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN ONUI →

Free to start. No card required.

8 onUI tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.