Critical-risk tools in Kreato MCP Server
5 of the 12 tools in Kreato MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
buy_productFinancialRegister a confirmed on-chain product purchase on Kreato and get the download link.
-
manage_membershipFinancialSubscribe to or cancel a creator
-
request_paymentFinancialRequest wallet approval to pay on Kreato. Supports product purchases, donations to creators, and Pro plan upgrades.
-
send_donationFinancialRegister a confirmed crypto donation to a creator on Kreato.
-
upgrade_to_proFinancialUpgrade a user to Kreato Pro plan. Send crypto to the pro wallet first, then call this with the txHash.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.