MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Canva
32 tools · footprint 17
7 med 25 low
Granola
6 tools · footprint 17
3 high 1 med 2 low
Google Drive
7 tools · footprint 16
2 high 2 med 3 low
Guru
5 tools · footprint 16
3 med 2 low
Gmail
10 tools · footprint 15
2 high 1 med 7 low
Apollo
4 tools · footprint 14
1 high 2 med 1 low
Asana
25 tools · footprint 14
5 med 20 low
Fireflies
3 tools · footprint 14
2 high 1 low
GitLab
15 tools · footprint 14
1 high 4 med 10 low COSOSOX
Google BigQuery
5 tools · footprint 14
1 high 4 low COSOSOX
Google Calendar
8 tools · footprint 14
5 med 3 low
Pendo
15 tools · footprint 14
5 med 10 low
Hex
4 tools · footprint 13
3 med 1 low
Linear
21 tools · footprint 12
3 med 18 low
Plaid
5 tools · footprint 12
1 med 4 low GLBA
Honeycomb
10 tools · footprint 11
1 med 9 low
‹ PrevPage 4 of 5Next ›
CloudflareDocs ↗
3 critical 4 high 6 med 13 low · 26 tools · 7 SoD-flagged
regimes APPICCPAGDPRISO_27001LGPDNIST_CSFPIPEDAPIPLPOPIASOC2UK_GDPR

Tools needing tighter control (7 of 26)

cloudflare.execute critical conf mediumhuman approval
Generic dispatcher executing arbitrary Cloudflare API calls; can deploy code, change DNS, rotate keys, modify zero-trust policy.
cloudflare.r2_bucket_delete critical conf highhuman approval
Destroys an R2 bucket and all stored objects; mass data loss.
cloudflare.d1_database_delete critical conf highhuman approval
Destroys a D1 database and all rows; data loss is irreversible.
cloudflare.kv_namespace_delete high conf highhuman approval
Destroys a KV namespace and all keys; data loss is irreversible.
cloudflare.d1_database_query high conf highhuman approval
Executes arbitrary SQL against a D1 database; can read or mutate any row including PII.
cloudflare.hyperdrive_config_create high conf highhuman approval
Stores upstream-database credentials enabling Workers to reach origin databases.
cloudflare.hyperdrive_config_edit high conf highhuman approval
Modifies stored connection or credential metadata for an origin database.
All other tools (19)
cloudflare.accounts_list low conf highallow
Lists Cloudflare accounts available to the principal.
cloudflare.d1_database_create medium conf highaudit
Provisions a new D1 database.
cloudflare.d1_database_get low conf highallow
Reads metadata for a single D1 database.
cloudflare.d1_databases_list low conf highallow
Lists D1 databases in the account.
cloudflare.hyperdrive_config_delete medium conf highaudit
Removes a Hyperdrive config; breaks any Workers binding that used it.
cloudflare.hyperdrive_config_get low conf highallow
Reads a single Hyperdrive config (excluding secrets).
cloudflare.hyperdrive_configs_list low conf highallow
Lists Hyperdrive database connection configs.
cloudflare.kv_namespace_create medium conf highaudit
Provisions a new KV namespace; storage cost and config sprawl impact.
cloudflare.kv_namespace_get low conf highallow
Reads metadata for a single KV namespace.
cloudflare.kv_namespace_update medium conf highaudit
Modifies a KV namespace's configuration.
cloudflare.kv_namespaces_list low conf highallow
Lists Workers KV namespaces in the account.
cloudflare.r2_bucket_create medium conf highaudit
Provisions a new object-storage bucket.
cloudflare.r2_bucket_get low conf highallow
Reads metadata for an R2 bucket.
cloudflare.r2_buckets_list low conf highallow
Lists R2 object-storage buckets.
cloudflare.search low conf highallow
Searches the 2,500+ Cloudflare API endpoints for relevant operations; metadata only.
cloudflare.set_active_account low conf highallow
Switches the active account context for subsequent calls.
cloudflare.workers_get_worker low conf highallow
Reads metadata for a single Worker.
cloudflare.workers_get_worker_code medium conf highaudit
Returns the deployed Worker source code; reveals proprietary edge logic.
cloudflare.workers_list low conf highallow
Lists deployed Workers.