Set a translation key in multiple locales at once.
AI agents use set_all to create or update resources in Mcp Locator — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Mcp Locator environment.
This tool creates or modifies translation data in multiple locale files reversibly. While it writes to files, the changes are not irreversible (they can be edited or reverted), and there is no data deletion or financial impact. The blast radius is medium because misconfigured translations could break application UI/UX across multiple locales, but data can be recovered.
From the tool's definition Tool description explicitly states 'Set a translation key in multiple locales at once' - a modification operation. Server description confirms it 'lets AI agents read and write locale JSON translation files directly.'
Risk signalsBulk/mass operation — affects multiple targets
Attacks that exploit this kind of access
Set a translation key in multiple locales at once. It is categorised as a Write tool in the Mcp Locator MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Mcp Locator MCP server in PolicyLayer and add a rule for set_all: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp Locator. Nothing to install.
set_all is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the set_all rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for set_all. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
set_all is provided by the Mcp Locator MCP server (tankonyako/mcp-locator). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →