Critical-risk tools in IIITH Mess MCP

Critical severity IIITH Mess MCP MCP Server 4 of 45 tools

4 of the 45 tools in IIITH Mess MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

mess_cancel_registration Destructive

mess_cancel_registration
mess_delete_auth_key Destructive

Delete an auth key by its name (not its value). Identified by name in the URL path.
mess_delete_extra_registration Destructive

Delete an extra registration by its ID (passed as query param).
mess_delete_monthly_registration Destructive

Delete a monthly mess registration (individual meal registrations are kept).

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in IIITH Mess MCP

Tools at critical risk

Attacks that target this class

More on IIITH Mess MCP

Enforce policy on every IIITH Mess MCP tool call.