Critical-risk tools in PortalMCP
4 of the 17 tools in PortalMCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
eth_stake_tokensFinancialPrepare a transaction to stake tokens in a staking contract
-
eth_swap_eth_to_usdtFinancialSwap ETH to USDT using Uniswap V3 and execute the transaction
-
eth_swap_tokensFinancialSwap any tokens using Uniswap V3. Can handle ETH, WETH, and any ERC-20 tokens. Automatically executes the transaction using your configured wallet.
-
eth_transfer_tokenFinancialTransfer ERC-20 tokens. By default executes the transaction using the configured signer. Set executeTransaction=false to only prepare an unsigned transaction for an external wal...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.