High-risk tools in ContrastAPI

High severity ContrastAPI MCP Server 2 of 53 tools

2 of the 53 tools in ContrastAPI are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

brand_assets Execute

Scrape a domain's homepage `<head>` for public brand assets — favicon, og:image, theme-color, og:site_name, JSON-LD `Organization.logo`. Use to enrich CRM records, build company...
redirect_chain Execute

Walk an HTTP redirect chain hop-by-hop, returning per-hop {url, status_code, location, latency_ms}. Use to deobfuscate URL shorteners (bit.ly / t.co / lnkd.in), audit suspicious...

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in ContrastAPI

Tools at high risk

Attacks that target this class

More on ContrastAPI

Let agents act without letting them run wild.