Critical-risk tools in Tenzro Ledger MCP
46 of the 275 tools in Tenzro Ledger MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
clear_secure_mint_policyDestructiveClear the Secure-Mint policy for an asset.
-
delete_modelDestructiveDelete a downloaded model from the local node.
-
deregister_agentDestructiveDeregister (suspend) an agent from the active network registry.
-
forget_identityDestructiveTDIP/GDPR Article 17 right-to-erasure. Hard-deletes a previously
-
freeze_addressDestructiveFreeze an address for a specific token, preventing all transfers.
-
revoke_didDestructiveRevoke an identity by DID. Cascades JWT invalidation through the
-
revoke_sessionDestructiveRevoke an active session key for a wallet.
-
secure_mint_record_burnDestructiveRecord a redemption (decrement circulating).
-
urwa_clear_kill_switchDestructive(Admin) Clear the ERC-7943 kill-switch on a token. Transfers resume.
-
urwa_trigger_kill_switchDestructive(Admin) Activate the ERC-7943 kill-switch on a token.
-
attested_mintFinancialMint a tokenized asset ONLY if post-mint supply <= attested reserves
-
axelar_pay_gasFinancialPre-pay the Axelar Gas Service for a previously-dispatched message.
-
bridge_tokensFinancialBridge tokens between Tenzro, Ethereum, Solana, or Base via LayerZero/CCIP/deBridge.
-
bridge_with_hookFinancialBridge tokens with a post-delivery hook to execute a contract call on the destination chain.
-
capital_intent_executeFinancialRecord one executed settlement leg ({venue, asset_id, side, quantity,
-
capital_intent_openFinancialcapital_intent_open
-
capital_intent_quoteFinancialSolver bid to fulfil a capital intent (ranked by ERC-8004 + KYA).
-
capital_intent_settleFinancialRelease escrow to the solver, write ERC-8004 feedback, finalize.
-
capital_intent_verifyFinancialVerify proofs / require all legs settled.
-
close_payment_channelFinancialClose a micropayment channel and settle the final balances on-chain.
-
compute_settle_epochFinancialSettle one epoch of an active compute rental, gated on the availability proof.
-
create_escrowFinancialcreate_escrow
-
create_payment_challengeFinancialCreate a payment challenge. protocol is 'mpp', 'x402', or 'native'.
-
cross_vm_transferFinancialPerform an atomic cross-VM token transfer using the TNZO pointer model.
-
debridge_same_chain_swapFinancialExecute a same-chain token swap via deBridge without cross-chain bridging.
-
exchange_tokenFinancialexchange_token
-
fund_user_walletFinancialFund a user wallet from the app treasury.
-
onboard_autonomous_agentFinancialOnboard a fully autonomous agent — requires a slashable TNZO bond
-
open_payment_channelFinancialOpen an off-chain micropayment channel with an initial deposit.
-
refund_escrowFinancialRefund escrowed funds back to the payer via a signed RefundEscrow transaction.
-
release_escrowFinancialRelease escrowed funds to the payee via a signed ReleaseEscrow transaction.
-
request_faucetFinancialRequest 100 testnet TNZO tokens from the faucet (24h cooldown per address).
-
secure_mint_applyFinancialAtomic check + circulating increment.
-
send_transactionFinancialsend_transaction
-
set_bridge_fee_rateFinancialset_bridge_fee_rate
-
set_spending_limitsFinancialSet daily and per-transaction spending limits for a wallet.
-
settle_paymentFinancialSettle a payment between two addresses for a given service type.
-
sponsor_bridge_feeFinancialsponsor_bridge_fee
-
sponsor_transactionFinancialSponsor a transaction for a user (app pays gas via paymaster).
-
stake_tokensFinancialStake TNZO tokens as a Validator, ModelProvider, or TeeProvider.
-
storage_charge_epochFinancialRun one proof-of-retrievability-gated charge epoch for a storage deal.
-
storage_open_dealFinancialOpen a streaming storage deal for a stored object.
-
transfer_nftFinancialTransfer an NFT from one address to another.
-
verify_paymentFinancialVerify a payment credential against a challenge and settle on-chain.
-
workflow_finalizeFinancialFinalize a saga once all steps are Verified: compute the receipt hash and
-
workflow_step_compensateFinancialCompensate a saga step (refund vault -> payer). With cascade=True, also
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.