MCP tool risk levels
PolicyLayer classifies every MCP tool in the catalogue by severity. Browse by level to see which tools share the same blast radius, which attacks target each class, and what policy pattern defends against them. For the full context, start with the MCP Security reference.
Severity is derived from the tool's capability class. Destructive and financial operations share critical severity because both produce irreversible harm. Execute operations score high because side effects reach beyond the immediate call. Read and write operations get lower scores, but each still has documented attack surface.
- Critical 1,239 tools
Destructive and financial operations. Irreversible. Block by default; require human approval. Sourced from 1,123 destructive + 116 financial tools.
- High 1,088 tools
Execute operations that trigger processes with real-world side effects — builds, notifications, compute jobs. Rate-limit and validate arguments; consider approval for expensive paths.
Browse by capability
Prefer capability browse? Each category maps to specific behaviour patterns and has its own recommended policy approach.