MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Vercel
20 tools · footprint 41
2 critical 3 high 2 med 13 low COSOSOX
Zapier
14 tools · footprint 39
1 critical 3 high 3 med 7 low COSOPCI+1 more
GitHub
83 tools · footprint 38
1 high 20 med 62 low COSOSOX
Snowflake
6 tools · footprint 37
2 critical 3 high 1 med COSOSOX
Calendly
35 tools · footprint 34
2 high 13 med 20 low
Smartsheet
42 tools · footprint 34
2 high 9 med 31 low COSOSOX
Ramp
17 tools · footprint 33
5 high 5 med 7 low COSOGLBA+2 more
Attio
37 tools · footprint 32
4 high 14 med 19 low
Egnyte
21 tools · footprint 31
3 high 9 med 9 low
Stytch
7 tools · footprint 31
1 critical 2 high 2 med 2 low
Wix
16 tools · footprint 29
1 critical 1 high 1 med 13 low COSOPCI+1 more
WordPress.com
19 tools · footprint 28
3 high 6 med 10 low COSOSOX
Oracle NetSuite
11 tools · footprint 27
3 high 3 med 5 low COSOSOX
Atlassian Rovo
54 tools · footprint 24
13 med 41 low
ZoomInfo
15 tools · footprint 24
5 high 4 med 6 low
Braze
40 tools · footprint 23
1 high 5 med 34 low COSOSOX
‹ PrevPage 2 of 5Next ›
CloudflareDocs ↗
3 critical 4 high 6 med 13 low · 26 tools · 7 SoD-flagged
regimes APPICCPAGDPRISO_27001LGPDNIST_CSFPIPEDAPIPLPOPIASOC2UK_GDPR

Tools needing tighter control (7 of 26)

cloudflare.execute critical conf mediumhuman approval
Generic dispatcher executing arbitrary Cloudflare API calls; can deploy code, change DNS, rotate keys, modify zero-trust policy.
cloudflare.r2_bucket_delete critical conf highhuman approval
Destroys an R2 bucket and all stored objects; mass data loss.
cloudflare.d1_database_delete critical conf highhuman approval
Destroys a D1 database and all rows; data loss is irreversible.
cloudflare.kv_namespace_delete high conf highhuman approval
Destroys a KV namespace and all keys; data loss is irreversible.
cloudflare.d1_database_query high conf highhuman approval
Executes arbitrary SQL against a D1 database; can read or mutate any row including PII.
cloudflare.hyperdrive_config_create high conf highhuman approval
Stores upstream-database credentials enabling Workers to reach origin databases.
cloudflare.hyperdrive_config_edit high conf highhuman approval
Modifies stored connection or credential metadata for an origin database.
All other tools (19)
cloudflare.accounts_list low conf highallow
Lists Cloudflare accounts available to the principal.
cloudflare.d1_database_create medium conf highaudit
Provisions a new D1 database.
cloudflare.d1_database_get low conf highallow
Reads metadata for a single D1 database.
cloudflare.d1_databases_list low conf highallow
Lists D1 databases in the account.
cloudflare.hyperdrive_config_delete medium conf highaudit
Removes a Hyperdrive config; breaks any Workers binding that used it.
cloudflare.hyperdrive_config_get low conf highallow
Reads a single Hyperdrive config (excluding secrets).
cloudflare.hyperdrive_configs_list low conf highallow
Lists Hyperdrive database connection configs.
cloudflare.kv_namespace_create medium conf highaudit
Provisions a new KV namespace; storage cost and config sprawl impact.
cloudflare.kv_namespace_get low conf highallow
Reads metadata for a single KV namespace.
cloudflare.kv_namespace_update medium conf highaudit
Modifies a KV namespace's configuration.
cloudflare.kv_namespaces_list low conf highallow
Lists Workers KV namespaces in the account.
cloudflare.r2_bucket_create medium conf highaudit
Provisions a new object-storage bucket.
cloudflare.r2_bucket_get low conf highallow
Reads metadata for an R2 bucket.
cloudflare.r2_buckets_list low conf highallow
Lists R2 object-storage buckets.
cloudflare.search low conf highallow
Searches the 2,500+ Cloudflare API endpoints for relevant operations; metadata only.
cloudflare.set_active_account low conf highallow
Switches the active account context for subsequent calls.
cloudflare.workers_get_worker low conf highallow
Reads metadata for a single Worker.
cloudflare.workers_get_worker_code medium conf highaudit
Returns the deployed Worker source code; reveals proprietary edge logic.
cloudflare.workers_list low conf highallow
Lists deployed Workers.