Manage ghost/persona configuration. Controls who can interact with your ghost and at what trust level. Actions: - get: View current ghost configuration - set: Update ghost settings (enabled, trust defaults, enforcement mode) - set_trust: Set a per-user trust level override (1-5 integer) - remove_...
AI agents use remember_ghost_config to create or update resources in Remember — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Remember environment.
This tool manages access control configuration for a persona/ghost system. Most actions (set, set_trust, remove_trust, block, unblock) modify access control settings reversibly, making it a Write operation.
From the tool's definition 'set: Update ghost settings (enabled, trust defaults, enforcement mode)', 'set_trust: Set a per-user trust level override', 'remove_trust: Remove a per-user trust override', 'block: Block a user from ghost access entirely', 'unblock: Unblock a previously…
Attacks that exploit this kind of access
Manage ghost/persona configuration. Controls who can interact with your ghost and at what trust level. Actions: - get: View current ghost configuration - set: Update ghost settings (enabled, trust defaults, enforcement mode) - set_trust: Set a per-user trust level override (1-5 integer) - remove_trust: Remove a per-user trust override (revert to default) - block: Block a user from ghost access entirely - unblock: Unblock a previously blocked user Trust levels (1-5 integer scale) control what information your ghost can share: - 1 (PUBLIC): Full access (all content revealed) - 2 (INTERNAL): Partial access (content with sensitive fields redacted) - 3 (CONFIDENTIAL): Summary only (AI-generated summary, no raw content) - 4 (RESTRICTED): Metadata only (tags, type, dates — no content) - 5 (SECRET): Existence only (. It is categorised as a Write tool in the Remember MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Remember MCP server in PolicyLayer and add a rule for remember_ghost_config: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Remember. Nothing to install.
remember_ghost_config is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the remember_ghost_config rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for remember_ghost_config. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
remember_ghost_config is provided by the Remember MCP server (@prmichaelsen/remember-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →