MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Intuit QuickBooks
51 tools · footprint 188
15 critical 10 high 17 med 9 low COSOGLBA+3 more
PayPal
33 tools · footprint 86
6 critical 7 high 9 med 11 low COSOGLBA+3 more
Stripe
26 tools · footprint 77
3 critical 7 high 10 med 6 low COSOPCI+2 more
PostHog
36 tools · footprint 69
6 high 22 med 8 low
Supabase
32 tools · footprint 69
4 critical 4 high 8 med 16 low COSOSOX
Salesforce
32 tools · footprint 60
4 critical 2 high 9 med 17 low COSOSOX
Close
64 tools · footprint 59
5 high 22 med 37 low COSOSOX
Cloudflare
26 tools · footprint 58
3 critical 4 high 6 med 13 low
Webflow
23 tools · footprint 57
2 critical 5 high 10 med 6 low
PagerDuty
64 tools · footprint 55
5 high 16 med 43 low
Box
37 tools · footprint 50
10 high 14 med 13 low COSOHIPAA+1 more
Gusto
36 tools · footprint 48
12 high 11 med 13 low COSOGLBA+1 more
ActiveCampaign
58 tools · footprint 47
4 high 15 med 39 low COSOSOX
Sanity
36 tools · footprint 47
1 critical 5 high 12 med 18 low
Amplitude
43 tools · footprint 44
6 high 16 med 21 low
Sentry
25 tools · footprint 43
3 high 14 med 8 low
‹ PrevPage 1 of 5Next ›
CloudflareDocs ↗
3 critical 4 high 6 med 13 low · 26 tools · 7 SoD-flagged
regimes APPICCPAGDPRISO_27001LGPDNIST_CSFPIPEDAPIPLPOPIASOC2UK_GDPR

Tools needing tighter control (7 of 26)

cloudflare.execute critical conf mediumhuman approval
Generic dispatcher executing arbitrary Cloudflare API calls; can deploy code, change DNS, rotate keys, modify zero-trust policy.
cloudflare.r2_bucket_delete critical conf highhuman approval
Destroys an R2 bucket and all stored objects; mass data loss.
cloudflare.d1_database_delete critical conf highhuman approval
Destroys a D1 database and all rows; data loss is irreversible.
cloudflare.kv_namespace_delete high conf highhuman approval
Destroys a KV namespace and all keys; data loss is irreversible.
cloudflare.d1_database_query high conf highhuman approval
Executes arbitrary SQL against a D1 database; can read or mutate any row including PII.
cloudflare.hyperdrive_config_create high conf highhuman approval
Stores upstream-database credentials enabling Workers to reach origin databases.
cloudflare.hyperdrive_config_edit high conf highhuman approval
Modifies stored connection or credential metadata for an origin database.
All other tools (19)
cloudflare.accounts_list low conf highallow
Lists Cloudflare accounts available to the principal.
cloudflare.d1_database_create medium conf highaudit
Provisions a new D1 database.
cloudflare.d1_database_get low conf highallow
Reads metadata for a single D1 database.
cloudflare.d1_databases_list low conf highallow
Lists D1 databases in the account.
cloudflare.hyperdrive_config_delete medium conf highaudit
Removes a Hyperdrive config; breaks any Workers binding that used it.
cloudflare.hyperdrive_config_get low conf highallow
Reads a single Hyperdrive config (excluding secrets).
cloudflare.hyperdrive_configs_list low conf highallow
Lists Hyperdrive database connection configs.
cloudflare.kv_namespace_create medium conf highaudit
Provisions a new KV namespace; storage cost and config sprawl impact.
cloudflare.kv_namespace_get low conf highallow
Reads metadata for a single KV namespace.
cloudflare.kv_namespace_update medium conf highaudit
Modifies a KV namespace's configuration.
cloudflare.kv_namespaces_list low conf highallow
Lists Workers KV namespaces in the account.
cloudflare.r2_bucket_create medium conf highaudit
Provisions a new object-storage bucket.
cloudflare.r2_bucket_get low conf highallow
Reads metadata for an R2 bucket.
cloudflare.r2_buckets_list low conf highallow
Lists R2 object-storage buckets.
cloudflare.search low conf highallow
Searches the 2,500+ Cloudflare API endpoints for relevant operations; metadata only.
cloudflare.set_active_account low conf highallow
Switches the active account context for subsequent calls.
cloudflare.workers_get_worker low conf highallow
Reads metadata for a single Worker.
cloudflare.workers_get_worker_code medium conf highaudit
Returns the deployed Worker source code; reveals proprietary edge logic.
cloudflare.workers_list low conf highallow
Lists deployed Workers.