Critical-risk tools in QuickContract MCP
2 of the 18 tools in QuickContract MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
release_milestoneFinancialRelease an escrow milestone. The funds settle directly on the recipient\
-
sign_as_agentFinancialSign a contract as an agent. Requires a qc_agnt_* API key. Produces an Ed25519 signature over SHA-256(contentHash || timestamp || did). The signature is embedded in the contract\
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.