Risk Grade: D · Stepsecurity · worst category: Destructive

STEPSECURITY TOOLS

30 tools from the Stepsecurity MCP Server, categorised by risk level.

READ 27 tools
Read | analyze_anomalous_calls_by_process | Group tenant-wide anomalous network-call detections by the calling process. Goal: spot VPN / mesh-networkin...
Read | check_ioc_in_baseline | Search the Harden-Runner org baseline for a domain or IP indicator of compromise. Uses the server-side
Read | check_npm_package_exposure | Org-wide (CI-side)
Read | check_npm_package_on_dev_machines | Developer-machine
Read | check_pypi_package_exposure | Org-wide (CI-side)
Read | check_python_package_on_dev_machines | Developer-machine
Read | describe_capabilities | Describe what this MCP server can do and how to use it. Call this when the user asks
Read | find_endpoint_calls_in_tenant | Find every workflow-run observation of a given network endpoint across EVERY GitHub org installed under the...
Read | find_repos_using_endpoint | Find every repo in an org whose Harden-Runner baseline contains a given network endpoint (domain or IP, sub...
Read | get_my_tenant | Return the StepSecurity customer/tenant identifier configured on this MCP server, along with a link to the ...
Read | get_suppression_rule | Get one suppression rule by id. Read-only.
Read | get_threat_incident | Get full details of one threat-center incident — including the
Read | list_anomalous_network_calls | List anomalous outbound network-call detections across the tenant (all orgs installed under the customer).
Read | list_blocked_domain_calls | List detections where Harden-Runner actively BLOCKED an outbound network call (egress-policy enforcement). ...
Read | list_detections | List Harden-Runner detections for an organization, filtered by detection type and status. Common detection ...
Read | list_github_api_calls_in_run | List every HTTPS call to github.com or api.github.com made by jobs in a specific workflow run. Useful for a...
Read | list_https_outbound_calls | List HTTPS outbound network-call detections (TLS-intercepted calls with method + path). Useful when you nee...
Read | list_imposter_commit_detections | List detections where a GitHub Action is pinned to a commit SHA that doesn
Read | list_recent_workflow_runs | List the 100 most recent Harden-Runner-monitored workflow runs for a GitHub organization, optionally narrow...
Read | list_secrets_in_build_log | List detections where a secret (API key, private key, token, etc.) was detected in a CI build log. The API ...
Read | list_suppression_rules | List all suppression (detection) rules configured for the tenant. Use this before creating a new rule to ch...
Read | list_suspicious_process_events | List suspicious-process-event detections across the tenant. This is a virtual detection ID that aggregates ...
Read | list_tenant_github_orgs | List every GitHub organization installed under a StepSecurity tenant. Call this first when a user asks for ...
Read | list_threat_incidents | List supply-chain threat-center incidents tracked by StepSecurity for a GitHub organization. ALWAYS call th...
Read | ping | Returns
Read | preview_suppression_rule | APPROXIMATE client-side preview of what creating a suppression rule would do. Fetches recent detections of ...
Read | search_action_usage | Find which workflows across the organization use a given GitHub Action. Useful for responding to a compromi...

Route Stepsecurity through PolicyLayer and every one of its 30 tools is checked against your policy before it runs.

How many tools does the Stepsecurity MCP server have?

The Stepsecurity MCP server exposes 30 tools across 3 categories: Read, Write, Destructive.

How do I enforce policies on Stepsecurity tools?

Route the Stepsecurity server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Stepsecurity tools fall into?

Stepsecurity tools are categorised as Read (27), Write (2), Destructive (1). Each category has a recommended default policy.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.
