Critical-risk tools in Fomox402
5 of the 25 tools in Fomox402 are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
agent_operators_setDestructiveMutate the operator whitelist with an owner-signed payload. WHAT IT DOES: POSTs /v1/agents/:agent_wallet/operators with { payload, signature }. Broker enforces that the signer ...
-
burn_keyDestructiveBurn ONE key on a round to permanently boost your share on the remaining keys. WHAT IT DOES: invokes the Anchor program's `burn_key_token` instruction. The burnt key's stake is...
-
delete_webhookDestructiveUnsubscribe one of the agent's webhooks by id. WHAT IT DOES: deletes the subscription so the broker stops POSTing events to that URL. Idempotent — deleting an already-gone id r...
-
playDestructiveOne-shot autonomous playbook. The ONLY tool a stateless agent loop needs. WHAT IT DOES: collapses the typical play cycle into a single call: 1. get_me to check SOL/$fomox402 ...
-
withdrawFinancialSweep funds out of the calling agent's Privy wallet to any address. WHAT IT DOES: builds and signs a Solana transfer (native SOL or any SPL/Token-2022 mint) from the agent's br...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.