MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Shopify
6 tools · footprint 10
1 med 5 low
Benchling
4 tools · footprint 9
2 high 2 med
AirOps
40 tools · footprint 6
5 med 35 low
Adobe Experience Manager
7 tools · footprint 4
2 med 5 low
Adobe Journey Optimizer
3 tools · footprint 4
3 low
Figma
16 tools · footprint 2
1 med 15 low
Gamma
4 tools · footprint 2
1 med 3 low
AWS Marketplace
11 tools · footprint 1
11 low
Ahrefs
42 tools · footprint 0
42 low
Aiera
39 tools · footprint 0
39 low
Benevity
2 tools · footprint 0
2 low
Bigdata.com
8 tools · footprint 0
8 low
BioRender
2 tools · footprint 0
2 low
Clerk
2 tools · footprint 0
2 low
Sigma
5 tools · footprint 0
5 low
Similarweb
26 tools · footprint 0
26 low
‹ PrevPage 5 of 5Next ›
SalesforceDocs ↗
4 critical 2 high 9 med 17 low · 32 tools · 6 SoD-flagged
regimes APPICCPACOSOGDPRISO_27001LGPDNIST_CSFPIPEDAPIPLPOPIASOC2SOXUK_GDPR

Tools needing tighter control (7 of 32)

salesforce.assign_permission_set critical conf highhuman approval
Grants a permission set to a user, expanding what the principal can read and write across every object the set covers — bypasses access-review controls.
salesforce.deploy_metadata critical conf highhuman approval
Pushes metadata changes (Apex, validation rules, sharing settings, profiles, flows) to a Salesforce org — bypasses change-management gates and can reshape security or financial-reporting logic in production.
salesforce.run_apex_test critical conf highhuman approval
Executes Apex test classes in the org, which run arbitrary Apex code with the test runner's permissions and can mutate data inside testSetup or non-isolated tests.
salesforce.promote_devops_center_work_item critical conf highhuman approval
Promotes a work item to the next pipeline stage, which deploys metadata to that environment — applies to UAT or production stages and bypasses additional review when invoked unilaterally.
salesforce.delete_org high conf highhuman approval
Permanently deletes a scratch org or sandbox; irreversible loss of any non-replicated test data and dev work in that org.
salesforce.run_soql_query high conf highOBO
Executes arbitrary SOQL against the org and returns matching records, including PII held on Contacts, Leads, Accounts, Cases, and custom objects.
salesforce.update_devops_center_work_item_status medium conf highhuman approval
Moves a work item between In Progress and Ready to Promote; controls when changes become eligible for promotion to higher environments.
All other tools (25)
salesforce.check_devops_center_commit_status low conf highallow
Returns the registration status of a previously committed work item; read-only.
salesforce.checkout_devops_center_work_item low conf highallow
Switches the local repo to the feature branch tied to a work item; does not change org state.
salesforce.commit_devops_center_work_item medium conf highaudit
Commits local DX project changes to the work item branch and registers the commit SHA in DevOps Center; advances the change toward a controlled deploy.
salesforce.create_custom_rule low conf mediumallow
Creates a custom XPath-based PMD rule from sample Apex; modifies local rule configuration only.
salesforce.create_devops_center_pull_request medium conf highaudit
Opens a pull request from the work item's feature branch into the integration branch; queues the change for review and downstream promotion.
salesforce.create_devops_center_work_item low conf highallow
Creates a new DevOps Center work item in a project; entry point for tracking a change but no deploy or production effect on its own.
salesforce.create_org_snapshot medium conf mediumaudit
Captures a scratch-org snapshot containing org metadata and seed data; snapshot may include test data that resembles PII.
salesforce.create_scratch_org medium conf highaudit
Provisions a new scratch org that consumes Dev Hub limits; isolated from production data but counts against entitlements.
salesforce.describe_code_analyzer_rule low conf highallow
Returns the description of a single Code Analyzer rule; read-only.
salesforce.detect_devops_center_merge_conflict low conf highallow
Inspects branches to identify merge conflicts for a work item; read-only diagnostic.
salesforce.enrich_metadata low conf mediumallow
Augments local DX project metadata with additional org context; modifies local files only.
salesforce.get_username low conf highallow
Returns the resolved username or alias for the default org or Dev Hub; reads local CLI configuration only.
salesforce.list_all_orgs low conf highallow
Lists locally-authorized orgs and their connection status; reveals which Salesforce environments the principal has credentials for.
salesforce.list_code_analyzer_rules low conf highallow
Lists configured Code Analyzer rules; read-only configuration introspection.
salesforce.list_devops_center_projects low conf highallow
Lists DevOps Center projects in the org; reveals release-pipeline structure but not contents.
salesforce.list_devops_center_work_items low conf highallow
Lists work items for a DevOps Center project; reveals in-flight changes.
salesforce.open_org low conf highallow
Opens an authenticated browser session to the org for the operator; no data movement on its own.
salesforce.query_code_analyzer_results low conf highallow
Filters and summarizes a Code Analyzer results JSON file; reads local files only.
salesforce.resolve_devops_center_deployment_failure medium conf mediumaudit
Diagnoses a failed deploy and applies remediation steps; can re-trigger metadata deploys to resolve the failure.
salesforce.resolve_devops_center_merge_conflict medium conf mediumaudit
Applies a chosen resolution strategy to a merge conflict on the work item branch; rewrites version-controlled source feeding the deploy pipeline.
salesforce.resume_tool_operation low conf mediumallow
Resumes a previously-started long-running operation; risk inherits from the underlying tool that originally started it.
salesforce.retrieve_metadata medium conf highaudit
Pulls org metadata (Apex source, page layouts, profiles) into the local DX project; exfiltrates configuration and source code.
salesforce.run_agent_test medium conf mediumaudit
Runs Agentforce agent tests against the org; consumes agent execution quotas and exercises configured agent actions.
salesforce.run_code_analyzer low conf highallow
Runs Salesforce Code Analyzer over local source and writes a results JSON; static analysis with no org-side effect.
salesforce.scan_apex_class_for_antipatterns low conf highallow
Analyzes Apex source for performance antipatterns; static analysis with no org-side effect.