Critical-risk tools in MERX - TRON Resource Exchange
8 of the 66 tools in MERX - TRON Resource Exchange are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_monitorDestructiveCancel an active monitor by its UUID. The monitor stops firing notifications. Auth required (API key).
-
cancel_standing_orderDestructiveCancel a standing order by its UUID. The order is moved to CANCELLED status and will not trigger again. Already-executed actions are NOT reversed. Auth required (API key).
-
deposit_trxFinancialDeposit TRX to your Merx account. Requires MERX_API_KEY + TRON_PRIVATE_KEY.
-
enable_auto_depositFinancialConfigure automatic top-up when balance drops below a threshold. The configuration lives ONLY in the current MCP session — it is held in memory by the MCP server process and is ...
-
pay_invoiceFinancialPay an x402 invoice by signing and broadcasting a TRX transfer to the invoice address, then verifying the payment with the facilitator. x402 (Coinbase + Cloudflare HTTP 402 stan...
-
transfer_trc20FinancialTransfer TRC-20 tokens with automatic energy optimization. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
-
transfer_trxFinancialSend TRX to an address. Checks bandwidth, buys via Merx if needed. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
-
withdrawFinancialWithdraw TRX or USDT from your Merx account to an external TRON address. The "amount" parameter is interpreted in the currency specified by "currency" — i.e. for currency=TRX it...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.