// MCP TOOL REFERENCE
Medium Risk

report_bypass

Call this when: (a) a user reports that harmful content received a safe verdict, (b) a downstream system detects an issue that scanning missed (e.g., a WAF blocks a request that Shrike allowed), or (c) post-processing analysis reveals content that should have been caught. Supports multiple bypass...

Risk signalsAccepts file system path (filePath) · Bulk/mass operation — affects multiple targets

Part of the Shrike Security server.

report_bypass can modify Shrike Security data, with no limits today. PolicyLayer puts allow, deny, and rate-limit rules on every call. Live in minutes.

SECURE SHRIKE SECURITY →

Free to start. No card required.

WHEN AGENTS USE THIS TOOL

AI agents use report_bypass to create or modify resources in Shrike Security. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.

Without a policy, an AI agent could call report_bypass repeatedly, creating or modifying resources faster than any human could review. PolicyLayer's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Shrike Security.

RECOMMENDED POLICY

Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "report_bypass": {
      "limits": [
        {
          "counter": "report_bypass_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

See the full Shrike Security policy for all 12 tools.

Get this rule live on your own Shrike Security server in minutes. PolicyLayer enforces it on every call, before it runs.

ENFORCE ON MY SHRIKE SECURITY →

MORE SHRIKE SECURITY TOOLS

Destructive reset_session Read check_approval Read get_threat_intel Read scan_a2a_message Read scan_agent_card Read scan_command Read scan_file_write Read scan_prompt

View all 12 tools →

WHAT CAN GO WRONG

These attack patterns abuse exactly the kind of access report_bypass gives an agent. Each links to the full case and the policy that stops it:

Browse the full MCP Attack Database →

Every attack above starts with a tool call. PolicyLayer checks each one against your policy first, so report_bypass only ever does what you allow.

SECURE SHRIKE SECURITY →

OTHER WRITE TOOLS

Other write tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.

Firecrawl Web Scraping Server firecrawl_generate_llmstxt AbraFlexi contact_create AbraFlexi contact_update AbraFlexi evidence_create AbraFlexi evidence_update AbraFlexi invoice_issued_update

RELATED READING

FAQ

What does the report_bypass tool do? +

Call this when: (a) a user reports that harmful content received a safe verdict, (b) a downstream system detects an issue that scanning missed (e.g., a WAF blocks a request that Shrike allowed), or (c) post-processing analysis reveals content that should have been caught. Supports multiple bypass types: - Prompt bypasses: Use 'prompt' field - File write bypasses: Use 'filePath' and/or 'fileContent' fields - SQL bypasses: Use 'sqlQuery' field - Web search bypasses: Use 'searchQuery' field Include mutationType if known (semantic_rewrite, encoding_exploit, unicode_tricks, etc.) and category for better classification. The bypass is analyzed and may generate a new detection pattern via ThreatSense adaptive learning. Enterprise context: Every bypass report strengthens detection for all users. Security teams can track bypass patterns over time for compliance reporting and coverage gap analysis. ERROR HANDLING: If this tool returns an error, log the bypass details locally and retry later. Bypass reports are non-blocking — do NOT halt your pipeline on report_bypass failure.. It is categorised as a Write tool in the Shrike Security MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on report_bypass? +

Register the Shrike Security MCP server in PolicyLayer and add a rule for report_bypass: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Shrike Security. Nothing to install.

What risk level is report_bypass? +

report_bypass is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit report_bypass? +

Yes. Add a rate_limit block to the report_bypass rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block report_bypass completely? +

Set action: deny in the PolicyLayer policy for report_bypass. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides report_bypass? +

report_bypass is provided by the Shrike Security MCP server (shrike-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Shrike Security tool call.

Deterministic rules across all 12 Shrike Security tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE SHRIKE SECURITY →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.