High-risk tools in Arc 1
2 of the 11 tools in Arc 1 are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
SAPDiagnoseExecute 3/5Run diagnostics on ABAP objects: syntax check, ABAP unit tests, and ATC (ABAP Test Cockpit) code quality checks.
-
SAPQueryExecute 4/5Execute ABAP SQL queries against SAP tables. Returns structured data with column names and rows. Powerful for reverse-engineering: query metadata tables like DD02L (table catalo...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Arc 1
Enforce policy on Arc 1
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init