MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Intuit QuickBooks
51 tools · footprint 188
15 critical 10 high 17 med 9 low COSOGLBA+3 more
PayPal
33 tools · footprint 86
6 critical 7 high 9 med 11 low COSOGLBA+3 more
Stripe
26 tools · footprint 77
3 critical 7 high 10 med 6 low COSOPCI+2 more
PostHog
36 tools · footprint 69
6 high 22 med 8 low
Supabase
32 tools · footprint 69
4 critical 4 high 8 med 16 low COSOSOX
Salesforce
32 tools · footprint 60
4 critical 2 high 9 med 17 low COSOSOX
Close
64 tools · footprint 59
5 high 22 med 37 low COSOSOX
Cloudflare
26 tools · footprint 58
3 critical 4 high 6 med 13 low
Webflow
23 tools · footprint 57
2 critical 5 high 10 med 6 low
PagerDuty
64 tools · footprint 55
5 high 16 med 43 low
Box
37 tools · footprint 50
10 high 14 med 13 low COSOHIPAA+1 more
Gusto
36 tools · footprint 48
12 high 11 med 13 low COSOGLBA+1 more
ActiveCampaign
58 tools · footprint 47
4 high 15 med 39 low COSOSOX
Sanity
36 tools · footprint 47
1 critical 5 high 12 med 18 low
Amplitude
43 tools · footprint 44
6 high 16 med 21 low
Sentry
25 tools · footprint 43
3 high 14 med 8 low
‹ PrevPage 1 of 5Next ›
Airtable
11 med 8 low · 19 tools · 0 SoD-flagged
regimes APPICCPAGDPRISO_27001LGPDPIPEDAPIPLPOPIASOC2UK_GDPR

Tools needing tighter control (0 of 19)

None — every tool is low-risk, high-confidence, and outside PCI/HIPAA payload scope.
All other tools (19)
airtable.create_base medium conf highaudit
Creates a new Airtable base; data store proliferation can complicate inventory and DLP.
airtable.create_field medium conf highaudit
Adds a column to an existing table; impacts downstream views and integrations.
airtable.create_records_for_table medium conf highaudit
Inserts records; if the table holds PII, write requires lawful basis.
airtable.create_table medium conf highaudit
Adds a new table to a base; expands the data surface.
airtable.display_records_for_table medium conf mediumaudit
Renders records for display; equivalent privacy exposure to a list call.
airtable.get_record_for_page low conf mediumallow
Reads a single record via an interface page.
airtable.get_table_schema low conf highallow
Reads field definitions for a table.
airtable.list_bases low conf highallow
Lists bases the user has access to.
airtable.list_pages_for_base low conf highallow
Lists interface pages built on a base.
airtable.list_records_for_page medium conf mediumaudit
Reads records as scoped by an interface page; PII exposure mirrors the underlying table.
airtable.list_records_for_table medium conf mediumaudit
Returns potentially large slices of base data, which often includes contact PII or business-sensitive records.
airtable.list_tables_for_base low conf highallow
Enumerates tables in a base.
airtable.list_workspaces low conf highallow
Lists Airtable workspaces accessible to the token.
airtable.ping low conf highallow
Verifies MCP server connectivity.
airtable.search_bases low conf highallow
Searches bases by name across the workspace.
airtable.search_records medium conf mediumaudit
Filters records by query; can surface sensitive rows from PII tables.
airtable.update_field medium conf highaudit
Modifies a column definition; type changes can corrupt downstream consumers.
airtable.update_records_for_table medium conf highaudit
Modifies records in bulk; can rewrite PII or operational data without per-row review.
airtable.update_table medium conf highaudit
Modifies table-level settings; can rename/reshape persisted data.