Jules MCP Server
UnverifiedREPOstreetquant/jules-mcp
F
Catalogue entry updated 3 days ago
Auth postureNot probedno remote endpoint probed yet
Tools261 Destructive · 5 Execute · 4 Write · 16 Read
Worst categoryDestructivegrade tracks the peak, not the average
Capability mix
Destructive 1Execute 5Write 4Read 16
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Tools 26
jules_cancel_sessionjules_approve_planjules_create_and_waitjules_quick_taskjules_wait_for_completion
View all 26 tools
send_reply_to_sessioncreate_sessionjules_create_sessionjules_reject_planjules_send_messageget_bash_outputsget_code_review_contextget_session_statejules_get_latest_activityjules_get_sessionjules_get_session_planjules_get_session_summaryjules_get_sourcejules_list_activitiesjules_list_sessionsjules_list_sourcesjules_sync_local_codebasejules_wait_for_planlist_sessionsquery_cacheshow_code_diff
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
jules_cancel_sessiondeny
jules_approve_planrequire approval
create_sessionrate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →