// MCP TOOL REFERENCE
Low Risk

find_tool

Look up an existing tool by ID or search for tools by query. Use

How to control find_tool ↓

WHAT FIND_TOOL ON SUPERGLUE MCP DOES

AI agents call find_tool to retrieve information from Superglue MCP without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

THE RISK

Low Risk

This tool retrieves metadata about existing tools in the Superglue system. It is a read-only query operation that returns information without side effects, state changes, or code execution. The search and lookup functions are classic Read operations. Severity is low because discovering available tools poses minimal risk even if an AI agent queries broadly, as no data is modified, deleted, or executed.

From the tool's definition Tool description states 'Look up an existing tool by ID or search for tools by query' — explicitly a lookup/search operation with no modification or execution capability.

Documented attack patterns abuse exactly the kind of access find_tool gives an agent:

HOW TO CONTROL FIND_TOOL

PolicyLayer is an MCP gateway — it sits between your AI agents and Superglue MCP, and nothing reaches the server without passing your rules. This is the rule we recommend for find_tool:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "find_tool": {}
  }
}

find_tool is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.

  1. Create a free account and register Superglue MCP — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
CAP THIS TOOL →

Free to start. No card required.

EXPLORE

More Superglue MCP tools

Execute run_tool Executes a tool — either a draft (by draftId) or a saved tool (by toolId), not both. Keep Execute authenticate_oauth Initiates OAuth flow for a system. Credentials (client_id/secret) must already be stored o Execute call_system Explore APIs, databases, and file servers, verify authentication, test endpoints, and exam Execute test_role_access Test a custom rule expression against a sample stepConfig. Evaluates a JS expression local Write build_tool Builds a new superglue tool by accepting the full tool configuration JSON. Successful Write create_system Creates and saves a new system. If credentials are provided, a confirmation UI appears tha Write edit_role Edit a role Write edit_system Edits an existing system. Provide only the fields to change — omitted fields are preserved

All 21 Superglue MCP tools →

Read tools on other servers

Frida Game Hacking MCP check_installation Procmon analyze_pe MegaMemory get_concept WireMCP analyze_pcap

Go deeper

FAQ

What does the find_tool tool do? +

Look up an existing tool by ID or search for tools by query. Use. It is categorised as a Read tool in the Superglue MCP MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on find_tool? +

Register the Superglue MCP server in PolicyLayer and add a rule for find_tool: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Superglue MCP. Nothing to install.

What risk level is find_tool? +

find_tool is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit find_tool? +

Yes. Add a rate_limit block to the find_tool rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block find_tool completely? +

Set action: deny in the PolicyLayer policy for find_tool. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides find_tool? +

find_tool is provided by the Superglue MCP server (superglue-ai/superglue). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Superglue MCP tool call.

Deterministic rules across all 21 Superglue MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN SUPERGLUE →

Free to start. No card required.

21 Superglue MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.