MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Intuit QuickBooks
51 tools · footprint 188
15 critical 10 high 17 med 9 low COSOGLBA+3 more
PayPal
33 tools · footprint 86
6 critical 7 high 9 med 11 low COSOGLBA+3 more
Stripe
26 tools · footprint 77
3 critical 7 high 10 med 6 low COSOPCI+2 more
PostHog
36 tools · footprint 69
6 high 22 med 8 low
Supabase
32 tools · footprint 69
4 critical 4 high 8 med 16 low COSOSOX
Salesforce
32 tools · footprint 60
4 critical 2 high 9 med 17 low COSOSOX
Close
64 tools · footprint 59
5 high 22 med 37 low COSOSOX
Cloudflare
26 tools · footprint 58
3 critical 4 high 6 med 13 low
Webflow
23 tools · footprint 57
2 critical 5 high 10 med 6 low
PagerDuty
64 tools · footprint 55
5 high 16 med 43 low
Box
37 tools · footprint 50
10 high 14 med 13 low COSOHIPAA+1 more
Gusto
36 tools · footprint 48
12 high 11 med 13 low COSOGLBA+1 more
ActiveCampaign
58 tools · footprint 47
4 high 15 med 39 low COSOSOX
Sanity
36 tools · footprint 47
1 critical 5 high 12 med 18 low
Amplitude
43 tools · footprint 44
6 high 16 med 21 low
Sentry
25 tools · footprint 43
3 high 14 med 8 low
‹ PrevPage 1 of 5Next ›
Asana
5 med 20 low · 25 tools · 0 SoD-flagged
regimes APPICCPAGDPRLGPDPIPEDAPIPLPOPIASOC2UK_GDPR

Tools needing tighter control (0 of 25)

None — every tool is low-risk, high-confidence, and outside PCI/HIPAA payload scope.
All other tools (25)
asana.add_comment low conf highallow
Posts a comment on a task under the authenticated user's identity.
asana.create_project low conf highallow
Creates a new project container.
asana.create_project_preview low conf highallow
Renders a preview card for a project creation; no write side-effect.
asana.create_project_status_update low conf highallow
Posts a status update to a project; visible to project members.
asana.create_task_preview low conf highallow
Renders a preview card for a task creation; no write side-effect.
asana.create_tasks low conf highallow
Creates one or more tasks in a project.
asana.delete_task medium conf highaudit
Removes a task and its history; reversible only via Asana trash for a limited window.
asana.get_attachments medium conf mediumaudit
Reads attachment metadata on tasks; attachments may include PII or confidential files.
asana.get_items_for_portfolio low conf highallow
Reads projects rolled up under a portfolio.
asana.get_me low conf highallow
Reads the authenticated user's own profile.
asana.get_my_tasks low conf highallow
Reads tasks assigned to the authenticated user.
asana.get_portfolio low conf highallow
Reads a single portfolio's metadata.
asana.get_portfolios low conf highallow
Lists portfolios visible to the user.
asana.get_project low conf highallow
Reads a single project's metadata and settings.
asana.get_projects low conf highallow
Lists projects in the workspace.
asana.get_status_overview low conf highallow
Reads aggregated status updates across a project.
asana.get_task low conf highallow
Reads a single task with description, assignee, and custom fields.
asana.get_tasks low conf highallow
Reads tasks within a project, section, or assignee scope.
asana.get_teams low conf highallow
Reads workspace teams the user belongs to.
asana.get_user low conf highallow
Reads a single user record including name and email.
asana.get_users medium conf highaudit
Reads workspace user roster including names and emails.
asana.search_objects medium conf mediumaudit
Generic typeahead-style search across Asana objects; can surface confidential project content.
asana.search_tasks low conf highallow
Filtered task search across the workspace.
asana.search_tasks_preview low conf highallow
Renders a preview card for a task search; no write side-effect.
asana.update_tasks medium conf highaudit
Modifies task fields including assignee, due date, completion; can mark work done.