clevertap_web_login

Open a Chromium browser window and navigate to the CleverTap dashboard login page. After you complete login (supports SSO and 2FA), the session cookie and CSRF token are captured automatically and stored for the project. Call clevertap_web_request afterwards to use them.

Server Clevertap ralphcorleone/clevertap-mcp
Category Execute
Risk class High
Parameters 00 required

What clevertap_web_login does on Clevertap

AI agents invoke clevertap_web_login to trigger actions in Clevertap. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

Why clevertap_web_login needs a policy

This tool launches a browser, captures authentication credentials (session cookie and CSRF token), and stores them. It triggers external browser operations and captures sensitive auth tokens, making it Execute category. The severity is high because misuse could lead to session hijacking or unauthorized access to the CleverTap dashboard.

From the tool's definition Open a Chromium browser window and navigate to the CleverTap dashboard login page... the session cookie and CSRF token are captured automatically and stored for the project

Questions about clevertap_web_login

What does the clevertap_web_login tool do? +

Open a Chromium browser window and navigate to the CleverTap dashboard login page. After you complete login (supports SSO and 2FA), the session cookie and CSRF token are captured automatically and stored for the project. Call clevertap_web_request afterwards to use them. It is categorised as a Execute tool in the Clevertap MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on clevertap_web_login? +

Register the Clevertap MCP server in PolicyLayer and add a rule for clevertap_web_login: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Clevertap. Nothing to install.

What risk level is clevertap_web_login? +

clevertap_web_login is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit clevertap_web_login? +

Yes. Add a rate_limit block to the clevertap_web_login rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block clevertap_web_login completely? +

Set action: deny in the PolicyLayer policy for clevertap_web_login. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides clevertap_web_login? +

clevertap_web_login is provided by the Clevertap MCP server (ralphcorleone/clevertap-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.