自动下载并部署CloudBase项目模板。 Note: Call this tool when the user requests to create a new project using a CloudBase template.\n\n支持的模板:\n- react: React + CloudBase 全栈应用模板\n- vue: Vue + CloudBase 全栈应用模板\n- miniprogram: 微信小程序 + 云开发模板 \n- uniapp: UniApp + CloudBase 跨端应用模板\n- rules: 只包含AI编辑器配置文件(包含Cursor、Win...
AI agents use downloadTemplate to create or update resources in CloudBase MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your CloudBase MCP environment.
This tool downloads and deploys project templates, creating new project files and configurations on the local filesystem and potentially cloud resources. It creates/writes new files and sets up project structure. While it may trigger some cloud resource setup, the primary action is creating new project files — a Write operation. Not Destructive since it creates new projects rather than overwriting existing data.
From the tool's definition 自动下载并部署CloudBase项目模板 (automatically downloads and deploys CloudBase project templates)
Documented attack patterns abuse exactly the kind of access downloadTemplate gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and CloudBase MCP, and nothing reaches the server without passing your rules. This is the rule we recommend for downloadTemplate:
{
"version": "1",
"default": "deny",
"tools": {
"downloadTemplate": {
"limits": [
{
"counter": "downloadtemplate_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}downloadTemplate stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
自动下载并部署CloudBase项目模板。 Note: Call this tool when the user requests to create a new project using a CloudBase template.\n\n支持的模板:\n- react: React + CloudBase 全栈应用模板\n- vue: Vue + CloudBase 全栈应用模板\n- miniprogram: 微信小程序 + 云开发模板 \n- uniapp: UniApp + CloudBase 跨端应用模板\n- rules: 只包含AI编辑器配置文件(包含Cursor、WindSurf、CodeBuddy等所有主流编辑器配置),适合在已有项目中补充AI编辑器配置\n\n支持的IDE类型:\n- all: 下载所有IDE配置\n- cursor: Cursor AI编辑器\n- 其他IDE类型见下方列表\n\n注意:如果未传入 ide 参数且无法从环境变量检测到 IDE,将提示错误并要求传入 ide 参数\n- windsurf: WindSurf AI编辑器\n- codebuddy: CodeBuddy AI编辑器\n- claude-code: Claude Code AI编辑器\n- cline: Cline AI编辑器\n- gemini-cli: Gemini CLI\n- opencode: OpenCode AI编辑器\n- qwen-code: 通义灵码\n- baidu-comate: 百度Comate\n- openai-codex-cli: OpenAI Codex CLI\n- augment-code: Augment Code\n- github-copilot: GitHub Copilot\n- roocode: RooCode AI编辑器\n- tongyi-lingma: 通义灵码\n- trae: Trae AI编辑器\n- qoder: Qoder AI编辑器\n- antigravity: Google Antigravity AI编辑器\n- vscode: Visual Studio Code\n- kiro: Kiro AI编辑器\n- aider: Aider AI编辑器\n\n特别说明:\n- rules 模板会自动包含当前 mcp 版本号信息(版本号:${typeof __MCP_VERSION__ !==. It is categorised as a Write tool in the CloudBase MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the CloudBase MCP server in PolicyLayer and add a rule for downloadTemplate: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches CloudBase MCP. Nothing to install.
downloadTemplate is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the downloadTemplate rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for downloadTemplate. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
downloadTemplate is provided by the CloudBase MCP server (tencentcloudbase/cloudbase-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 8 CloudBase MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
8 CloudBase MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.