Critical-risk tools in MERX - TRON Resource Exchange

Critical severity MERX - TRON Resource Exchange MCP Server 6 of 54 tools

6 of the 54 tools in MERX - TRON Resource Exchange are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

deposit_trx Financial 5/5

Deposit TRX to your Merx account. Requires MERX_API_KEY + TRON_PRIVATE_KEY.
enable_auto_deposit Financial 5/5

Configure automatic top-up when balance drops below a threshold. Session-only.
pay_invoice Financial 5/5

Pay an x402 invoice by sending TRX and verifying payment.
transfer_trc20 Financial 5/5

Transfer TRC-20 tokens with automatic energy optimization. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
transfer_trx Financial 5/5

Send TRX to an address. Checks bandwidth, buys via Merx if needed. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
withdraw Financial 5/5

Withdraw TRX or USDT from your Merx account to an external TRON address. Requires MERX_API_KEY.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in MERX - TRON Resource Exchange

Tools at critical risk

Attacks that target this class

More on MERX - TRON Resource Exchange

Enforce policy on MERX - TRON Resource Exchange