detect_xlm_macros

Detect XLM macros using XLMMacroDeobfuscator (XLS) or Olevba (others).

Server Oletools pradeep895/oletools-mcp-server
Category Read
Risk class Low
Parameters 00 required

What detect_xlm_macros does on Oletools

AI agents call detect_xlm_macros to retrieve information from Oletools without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

Why detect_xlm_macros needs a policy

This tool retrieves and analyzes information about potential malicious content (XLM macros) within Office documents. It is a static analysis capability that identifies threats without executing code, modifying files, or causing irreversible changes. The blast radius of misuse is minimal—it only produces detection output that informs decision-making rather than taking autonomous action.

From the tool's definition Tool performs detection and analysis of XLM macros without modifying, executing, or deleting the analyzed documents. The description explicitly states it uses analysis tools (XLMMacroDeobfuscator and Olevba) for inspection purposes.

Questions about detect_xlm_macros

What does the detect_xlm_macros tool do? +

Detect XLM macros using XLMMacroDeobfuscator (XLS) or Olevba (others). It is categorised as a Read tool in the Oletools MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on detect_xlm_macros? +

Register the Oletools MCP server in PolicyLayer and add a rule for detect_xlm_macros: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Oletools. Nothing to install.

What risk level is detect_xlm_macros? +

detect_xlm_macros is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit detect_xlm_macros? +

Yes. Add a rate_limit block to the detect_xlm_macros rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block detect_xlm_macros completely? +

Set action: deny in the PolicyLayer policy for detect_xlm_macros. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides detect_xlm_macros? +

detect_xlm_macros is provided by the Oletools MCP server (pradeep895/oletools-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.