clone_website

THE RISK

High Risk

Why clone_website needs a policy

Cloning an entire website involves crawling multiple pages, downloading all assets, and storing them — this triggers extensive external network operations whose scope and impact depend entirely on the target URL argument. It is not a simple read (it writes to local storage and hammers the remote server), not purely destructive, but constitutes a broad external operation.

From the tool's definition Clone/download an entire website with all its pages and assets

Risk signalsBulk/mass operation — affects multiple targets

Documented attack patterns abuse exactly the kind of access clone_website gives an agent:

POLICY

How to control clone_website

PolicyLayer is an MCP gateway — it sits between your AI agents and WebClone MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for clone_website:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "clone_website": {
      "limits": [
        {
          "counter": "clone_website_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

clone_website stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register WebClone MCP Server — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More WebClone MCP Server tools

Write save_authentication Save authentication cookies for a website. Opens a browser Read download_file Download a specific file or URL. Simpler than clone_website, Read get_site_info Get information about a website without downloading it. Read list_saved_sessions List all saved authentication sessions/cookies.

All 5 WebClone MCP Server tools →

Execute tools on other servers

Android Forensics ADB MCP Server adb_shell_command EMBA-MCP run_emba_scan Frida Game Hacking MCP remove_breakpoint Procmon request_elevation

Go deeper

High-risk tools in WebClone MCP Server → Every high-risk tool this server exposes, in one view.
All high-risk MCP tools → Every high-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Agent sandbox → Bounding what an agent can execute and where the boundary should sit.
Least privilege for MCP → Granting agents the minimum tool surface the task needs.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about clone_website

What does the clone_website tool do? +

Clone/download an entire website with all its pages and assets. It is categorised as a Execute tool in the WebClone MCP Server MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on clone_website? +

Register the WebClone MCP Server MCP server in PolicyLayer and add a rule for clone_website: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches WebClone MCP Server. Nothing to install.

What risk level is clone_website? +

clone_website is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit clone_website? +

Yes. Add a rate_limit block to the clone_website rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block clone_website completely? +

Set action: deny in the PolicyLayer policy for clone_website. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides clone_website? +

clone_website is provided by the WebClone MCP Server MCP server (ruslanmv/webclone). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every WebClone MCP Server tool call.

Start from WebClone MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →