// MCP TOOL REFERENCE
High Risk →

call_system

Explore APIs, databases, and file servers, verify authentication, test endpoints, and examine response formats. Load the relevant protocol skill first. Only call ONE AT A TIME. Auth is always explicit — include headers for HTTP or embed credentials in the connection URL for databases/Redis/file s...

How to control call_system ↓

WHAT CALL_SYSTEM ON SUPERGLUE MCP DOES

AI agents invoke call_system to trigger actions in Superglue MCP. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

THE RISK

High Risk

This tool executes real calls against external APIs, databases, and file servers. It can trigger arbitrary external operations depending on arguments, including authenticated requests with embedded credentials. The blast radius is high because it can reach production systems, databases, and file servers with supplied credentials, potentially causing unintended side effects across integrated systems.

From the tool's definition Explore APIs, databases, and file servers, verify authentication, test endpoints, and examine response formats... Auth is always explicit — include headers for HTTP or embed credentials in the connection URL for databases/Redis/file servers

Documented attack patterns abuse exactly the kind of access call_system gives an agent:

HOW TO CONTROL CALL_SYSTEM

PolicyLayer is an MCP gateway — it sits between your AI agents and Superglue MCP, and nothing reaches the server without passing your rules. This is the rule we recommend for call_system:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "call_system": {
      "limits": [
        {
          "counter": "call_system_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

call_system stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

  1. Create a free account and register Superglue MCP — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More Superglue MCP tools

Execute run_tool Executes a tool — either a draft (by draftId) or a saved tool (by toolId), not both. Keep Execute authenticate_oauth Initiates OAuth flow for a system. Credentials (client_id/secret) must already be stored o Execute test_role_access Test a custom rule expression against a sample stepConfig. Evaluates a JS expression local Write build_tool Builds a new superglue tool by accepting the full tool configuration JSON. Successful Write create_system Creates and saves a new system. If credentials are provided, a confirmation UI appears tha Write edit_role Edit a role Write edit_system Edits an existing system. Provide only the fields to change — omitted fields are preserved Write edit_tool Modifies a tool using JSON Patch operations. Provide either draftId (for playground drafts

All 21 Superglue MCP tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

FAQ

What does the call_system tool do? +

Explore APIs, databases, and file servers, verify authentication, test endpoints, and examine response formats. Load the relevant protocol skill first. Only call ONE AT A TIME. Auth is always explicit — include headers for HTTP or embed credentials in the connection URL for databases/Redis/file servers. Supports <<systemId_credKey>> placeholders. In bodies, use file::<key>.raw/.extracted/.base64. Multipart/form-data auto-builds FormData from JSON objects. It is categorised as a Execute tool in the Superglue MCP MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on call_system? +

Register the Superglue MCP server in PolicyLayer and add a rule for call_system: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Superglue MCP. Nothing to install.

What risk level is call_system? +

call_system is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit call_system? +

Yes. Add a rate_limit block to the call_system rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block call_system completely? +

Set action: deny in the PolicyLayer policy for call_system. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides call_system? +

call_system is provided by the Superglue MCP server (superglue-ai/superglue). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Superglue MCP tool call.

Deterministic rules across all 21 Superglue MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN SUPERGLUE →

Free to start. No card required.

21 Superglue MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.