Log into Steady using the email+password flow and store fresh cookies locally for other tools to use. Reads credentials from env vars (STEADY_EMAIL + STEADY_PASSWORD or STEADY_PASSWORD_COMMAND or macOS Keychain).
AI agents use steady_login to create or update resources in Steady MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Steady MCP environment.
This tool creates/modifies authentication state by storing cookies locally. While login itself might seem like an Execute operation, the primary documented effect is storing authentication credentials locally ('store fresh cookies'), which is a reversible write operation. It does not delete data (Destructive), move money (Financial), or execute arbitrary code (Execute).
From the tool's definition Tool performs 'Log into Steady' and 'store fresh cookies locally' which are state-modifying operations. Description explicitly states it reads credentials from environment and stores authentication artifacts.
Attacks that exploit this kind of access
Log into Steady using the email+password flow and store fresh cookies locally for other tools to use. Reads credentials from env vars (STEADY_EMAIL + STEADY_PASSWORD or STEADY_PASSWORD_COMMAND or macOS Keychain). It is categorised as a Write tool in the Steady MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Steady MCP server in PolicyLayer and add a rule for steady_login: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Steady MCP. Nothing to install.
steady_login is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the steady_login rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for steady_login. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
steady_login is provided by the Steady MCP server (sarthak-ignite/steady-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →