Generate a variation of an existing BGM using Soundraw. Use
AI agents use get_bgm_variations to create or update resources in Soundraw Game Bgm — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Soundraw Game Bgm environment.
This tool creates new audio content (a variation of existing BGM) via the Soundraw API. It is a Write operation — it produces/creates a new asset — but does not delete anything, execute arbitrary code, or involve finances. Severity is medium because misuse could generate unwanted or costly API calls and produce unintended audio assets, but the blast radius is limited.
From the tool's definition Generate a variation of an existing BGM using Soundraw
Attacks that exploit this kind of access
Generate a variation of an existing BGM using Soundraw. Use. It is categorised as a Write tool in the Soundraw Game Bgm MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Soundraw Game Bgm MCP server in PolicyLayer and add a rule for get_bgm_variations: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Soundraw Game Bgm. Nothing to install.
get_bgm_variations is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the get_bgm_variations rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for get_bgm_variations. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
get_bgm_variations is provided by the Soundraw Game Bgm MCP server (yksanjo/soundraw-game-bgm). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →