High-risk tools in Mcp Api

High severity Mcp Api MCP Server 6 of 310 tools

6 of the 310 tools in Mcp Api are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

startIdentityProviderLoginWithId Execute 3/5

Begins a login request for a 3rd party login that requires user interaction such as HYPR.
startPasswordlessLoginWithId Execute 3/5

Start a passwordless login request by generating a passwordless code. This code can be sent to the User using the Send Passwordless Code API or using a mechanism outside of Fusi...
startTwoFactorLoginWithId Execute 4/5

Start a Two-Factor login request by generating a two-factor identifier. This code can then be sent to the Two Factor Send API (/api/two-factor/send)in order to send a one-time ...
startVerifyIdentityWithId Execute 3/5

Start a verification of an identity by generating a code. This code can be sent to the User using the Verify Send API Verification Code API or using a mechanism outside of Fusio...
startWebAuthnLoginWithId Execute 3/5

Start a WebAuthn authentication ceremony by generating a new challenge for the user
startWebAuthnRegistrationWithId Execute 3/5

Start a WebAuthn registration ceremony by generating a new challenge for the user

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Mcp Api

Tools at high risk

Attacks that target this class

More on Mcp Api

Enforce policy on Mcp Api