Every MCP tool is annotated with a risk tier so agents and humans can reason about side effects before a call runs.
| Tier | Description | Examples |
|---|
read | Read-only; no data changes | search_contacts, get_credits, list_campaigns |
write | Creates or modifies data | research_contacts, create_campaign, send_email |
destructive | Permanent deletion | delete_campaign, delete_list, delete_saved_search |
MCP client hints
Tools also expose MCP SDK hints derived from the tier:
readOnlyHint: true for read tools
destructiveHint: true for destructive tools
openWorldHint: true when the tool touches unbounded external data (e.g. global search graph, sending email to the public internet)
Recommended client settings
Enable human confirmation for write and destructive tools in your MCP client. Read tools are safe to run autonomously for most workflows.
destructive operations cannot be undone. Require explicit approval before delete_campaign, delete_list, or similar tools.
Each tool domain page lists tools with their risk tier. See Access control for which domains your account can use.