Sally roasts frontend/UI code — wasteful re-renders, load-bearing z-index, accessibility sins, and questionable component design. Use for HTML/CSS/JSX/Vue/Svelte or other UI code; for general-purpose code use sally_roast instead. Sends only the provided code to the Cynical Sally backend — never s...
AI agents call sally_frontend to retrieve information from Cynical Sally without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves and analyzes code to provide code review feedback. It has no side effects on systems or data — it merely reads the provided code snippet and returns textual analysis in markdown format.
From the tool's definition Tool description explicitly states "Read-only: never modifies files" and "Returns markdown with categorized issues and fixes." The tool analyzes frontend code and provides feedback without creating, modifying, deleting, or executing anything.
Documented attack patterns abuse exactly the kind of access sally_frontend gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Cynical Sally, and nothing reaches the server without passing your rules. This is the rule we recommend for sally_frontend:
{
"version": "1",
"default": "deny",
"tools": {
"sally_frontend": {}
}
}sally_frontend is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Sally roasts frontend/UI code — wasteful re-renders, load-bearing z-index, accessibility sins, and questionable component design. Use for HTML/CSS/JSX/Vue/Svelte or other UI code; for general-purpose code use sally_roast instead. Sends only the provided code to the Cynical Sally backend — never stored, never used for training. Read-only: never modifies files. Returns markdown with categorized issues and fixes. Premium tool: one free use per month on the free tier, unlimited with Full Suite. It is categorised as a Read tool in the Cynical Sally MCP Server, which means it retrieves data without modifying state.
Register the Cynical Sally MCP server in PolicyLayer and add a rule for sally_frontend: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Cynical Sally. Nothing to install.
sally_frontend is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the sally_frontend rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for sally_frontend. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
sally_frontend is provided by the Cynical Sally MCP server (w1ckedxt/cynical-sally). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 8 Cynical Sally tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
8 Cynical Sally tools catalogued and risk-classified — across an index of 42,500+ MCP servers.