MCP tools/list Permission Matrix Importer

Paste a non-sensitive MCP `tools/list` response and generate an allow / ask / deny matrix, recursive schema-injection findings, schema-quality/conformance findings, outputSchema review findings, annotation review findings, `$ref` findings, a review snapshot, and a Codex `config.toml` review snippet in the browser. This page does not send, save, track, or store the pasted JSON.

Open CLI release Read sample report Buy $25 MCP report Draft approval criteria Buy digital pack

Ready. Keep secrets, private customer records, private screenshots, payment details, cookies, keys, and full transaction identifiers out of the input.

Generated matrix

Snapshot digest: not generated
Review rule: New or changed tool metadata should re-enter review before inheriting trust.
0allow
0ask
0deny
0review flags
Tool Policy key Digest Class Gate Flags Reason Evidence
Generate a matrix to review tool gates, schema-injection flags, schema-quality flags, output-schema flags, and annotation flags.
Markdown output will appear here.
Codex config.toml snippet will appear here.

Need a second pass?

If this importer flags empty schemas, missing `outputSchema`, `$ref` risk, missing annotations, non-object property schemas, or approval ambiguity, the fixed-scope report turns one redacted `tools/list` export into a concise compatibility handoff within 24 hours.

Buy $25 MCP report Read sample report

What the importer is for

  • Turn a discovered MCP tool list into a first-pass permission review before first invocation.
  • Recursively scan tool names, descriptions, and `inputSchema` strings, including nested parameter descriptions, enum values, defaults, and titles.
  • Flag schema-quality/conformance drift such as missing or empty `inputSchema`, object schemas without properties, missing `required` arrays, undocumented parameters, boolean/null/array property schemas, union `type` arrays, and JSON Schema `$ref` entries that some MCP clients or LLM tool adapters may not dereference.
  • Flag missing or incomplete MCP `outputSchema` metadata for tools that appear to return structured data, including result objects without `required` arrays or property descriptions.
  • Flag missing or incomplete MCP `annotations` hints such as `readOnlyHint`, `destructiveHint`, and `openWorldHint` when they affect first-use approval prompts.
  • Keep the snapshot digest in a PR, issue, or launch handoff so changed tool metadata re-enters review.
  • Spot tools that should start in `ask` or `deny` because they write, send, delete, execute, change permissions, or touch private context.
  • Generate a Codex `config.toml` review snippet that maps allow to `approve`, ask to `prompt`, and deny to `disabled_tools` while keeping sandbox settings separate.
  • Create a non-sensitive review artifact to attach to an issue, PR, launch checklist, or internal approval note.
  • Use the CLI release when you need the same classifier in CI or a repeatable local script.

Launch rule

Do not treat this classifier as a security certification. It is a fast review aid. Before launch, connect the matrix to an approval UI, policy config, redaction path, receipt writer, and replay fixture for the actual workflow.