Scf

Unverified
NPMmcp-server-scf
FRisk gradecritical blast radius
Catalogue entry updated 1 days ago
Auth postureNot probedno remote endpoint probed yet
Tools743 Destructive · 5 Execute · 17 Write · 49 Read
Worst categoryDestructivegrade tracks the peak, not the average
Capability mix
Destructive 3Execute 5Write 17Read 49
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Tools 74
scf_delete_custom_riskDestructiveHighscf_delete_webhookDestructiveHighscf_remove_custom_risk_controlDestructiveMediumscf_bulk_assess_evidenceExecuteHighscf_revalidate_evidence_fileExecuteMedium
View all 74 tools
scf_trigger_evidence_assessmentExecuteHighscf_trigger_vendor_researchExecuteMediumscf_trigger_window_assessmentExecuteHighscf_add_custom_risk_controlWriteMediumscf_batch_update_controlsWriteMediumscf_bulk_assess_windowsWriteMediumscf_create_custom_riskWriteMediumscf_create_evidenceWriteMediumscf_create_riskWriteMediumscf_create_systemWriteMediumscf_create_vendorWriteMediumscf_create_webhookWriteHighscf_rotate_webhook_secretWriteHighscf_scope_frameworkWriteHighscf_trigger_dpsiaWriteMediumscf_update_custom_riskWriteMediumscf_update_evidenceWriteMediumscf_update_scoped_controlWriteMediumscf_update_systemWriteMediumscf_update_vendorWriteMediumscf_get_audit_logReadLowscf_get_capability_themeReadLowscf_get_capability_theme_evidence_postureReadLowscf_get_capability_theme_scorecardReadLowscf_get_controlReadLowscf_get_control_assessment_compositeReadLowscf_get_current_userReadLowscf_get_evidence_assessmentReadLowscf_get_evidence_assessment_summaryReadLowscf_get_evidence_fileReadLowscf_get_evidence_maturityReadLowscf_get_evidence_validationReadLowscf_get_evidence_validation_summaryReadLowscf_get_notificationsReadLowscf_get_organizationReadLowscf_get_riskReadLowscf_get_risk_matrixReadLowscf_get_risk_summaryReadLowscf_get_scoped_controlReadLowscf_get_scoping_statsReadLowscf_get_vendorReadLowscf_get_vendor_researchReadLowscf_get_webhookReadLowscf_get_window_assessmentReadLowscf_get_window_assessment_summaryReadLowscf_get_work_queueReadLowscf_list_assessment_objectivesReadLowscf_list_capabilitiesReadLowscf_list_capability_theme_controlsReadLowscf_list_capability_themesReadLowscf_list_control_assessment_compositesReadLowscf_list_controlsReadLowscf_list_custom_risk_controlsReadLowscf_list_custom_risksReadLowscf_list_domainsReadLowscf_list_evidenceReadLowscf_list_evidence_catalogReadLowscf_list_evidence_filesReadLowscf_list_evidence_tasksReadLowscf_list_frameworksReadLowscf_list_membersReadLowscf_list_organizationsReadLowscf_list_risksReadLowscf_list_scoped_controlsReadLowscf_list_systemsReadLowscf_list_vendorsReadLowscf_list_webhook_deliveriesReadLowscf_list_webhooksReadLowscf_list_window_assessmentsReadLow
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
scf_delete_custom_riskdeny
scf_bulk_assess_evidencerequire approval
scf_add_custom_risk_controlrate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →
DIRECT INSTALL npx -y mcp-server-scf

Installed this way, nothing enforces the recommended policy above — calls run exactly as the agent makes them.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.