Critical-risk tools in Mcp Mifosx
15 of the 73 tools in Mcp Mifosx are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_client_profileDestructiveDelete a client profile.
-
delete_loan_appDestructiveDelete a draft or submitted loan application.
-
create_new_chargeFinancialCreate a new charge definition.
-
depositFinancialDeposit money into a savings account. Validates accountId exists before executing.
-
withdrawFinancialWithdraw money from a savings account. Validates accountId and balance before executing.
-
make_repaymentFinancialMake a repayment on an active loan. Validates loanId and status before executing.
-
record_journal_entryFinancialRecord a manual journal entry. Date format: 'dd MMMM yyyy' e.g. '10 March 2026'
-
undo_disbursalFinancialUndo a loan disbursal to reverse funds and return the loan to approved status.
-
waive_loan_interestFinancialWaive interest on a loan. Validates loanId exists before executing.
-
apply_client_feeFinancialApply a one-time fee/charge to a client profile
-
apply_loan_feeFinancialApply a fee/charge to a loan. Validates loanId exists before executing.
-
apply_savings_feeFinancialApply a charge/block to a savings account
-
approve_disburse_loanFinancialApprove and disburse a pending loan. Validates loanId exists before executing.
-
close_client_profileDestructiveClose a client's profile
-
close_savingsDestructiveClose a savings account
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.