AI agents call zahori_get to retrieve information from Zahori without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool queries web pages to extract and return media stream metadata. While it may drive a browser to inspect page content, it performs no create, modify, delete, or execute operations—it solely retrieves information. The output is stream URLs and metadata, consistent with Read category operations like 'fetch' or 'get'. No financial, destructive, or command execution risk is present.
From the tool's definition Tool 'zahori_get' is described as resolving and retrieving media stream information (returns stream URL, kind, live/VOD, and replay headers). The verb 'Resolve' and 'Returns' indicate data retrieval with no modifications or side effects.
Attacks that exploit this kind of access
Resolve the media stream behind a page URL using saved profiles or the built-in generic flow. Returns the stream URL, kind, live/VOD, and replay headers. It is categorised as a Read tool in the Zahori MCP Server, which means it retrieves data without modifying state.
Register the Zahori MCP server in PolicyLayer and add a rule for zahori_get: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Zahori. Nothing to install.
zahori_get is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the zahori_get rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for zahori_get. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
zahori_get is provided by the Zahori MCP server (josesepulvedapino/zahori). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
zahori_get is one line of Zahori's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →