List all OpenSCAD files in a project directory and map their dependencies. Recursively finds every .scad file under *project_dir*, parses each file for include and use statements, and returns a structured overview of the project's file tree and dependency graph. Args: project_dir: Root directory ...
AI agents call get_project_files to retrieve information from OpenSCAD MCP Server without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This is a Read operation: it retrieves file system information and parses text content without side effects. However, severity is elevated to medium rather than low because (1) the tool recursively traverses arbitrary project directories, which could enumerate sensitive file structures if access controls are misconfigured, and (2) the dependency graph extraction involves parsing code, which while not executing it,…
From the tool's definition Tool performs recursive directory traversal and file enumeration ('Recursively finds every `.scad` file'), parses file contents to extract include/use statements, and returns 'structured overview of the project's file tree and dependency graph.' No…
Risk signalsAdmin/system-level operation
Documented attack patterns abuse exactly the kind of access get_project_files gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and OpenSCAD MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for get_project_files:
{
"version": "1",
"default": "deny",
"tools": {
"get_project_files": {}
}
}get_project_files is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
List all OpenSCAD files in a project directory and map their dependencies. Recursively finds every .scad file under *project_dir*, parses each file for include and use statements, and returns a structured overview of the project's file tree and dependency graph. Args: project_dir: Root directory of the OpenSCAD project. Validated against security.allowed_paths when configured. ctx: MCP context for logging Returns: Dict with success status, files list (each with name, path, size_bytes, modified), and dependencies mapping (relative path to list of dependency strings). It is categorised as a Read tool in the OpenSCAD MCP Server MCP Server, which means it retrieves data without modifying state.
Register the OpenSCAD MCP Server MCP server in PolicyLayer and add a rule for get_project_files: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OpenSCAD MCP Server. Nothing to install.
get_project_files is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the get_project_files rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for get_project_files. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
get_project_files is provided by the OpenSCAD MCP Server MCP server (quellant/openscad-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 13 OpenSCAD MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
13 OpenSCAD MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.