High-risk tools in Cli

High severity Cli MCP Server 10 of 10 tools

10 of the 10 tools in Cli are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

aggressive Execute

Auto everything — Tier 1 only, no decisions needed
backlog Execute

Not yet scheduled for work
completed Execute

Work is complete
conservative Execute

Safe=auto (Tier 1), destructive=human (Tier 3)
dropped Execute

Removed from active work entirely
needs_review Execute

Work is done, awaiting review
paused Execute

Work is stopped temporarily
ready Execute

Groomed and ready to start
started Execute

Work has begun
supervised Execute

Safe=auto (Tier 1), destructive=llm (Tier 2)

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Cli

Tools at high risk

Attacks that target this class

More on Cli

Let agents act without letting them run wild.