High-risk tools in Mcp Ap2
37 of the 1300 tools in Mcp Ap2 are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- ship_order (Execute): Arrange shipment for an order — either request pickup, drop off, or pass a tracking number depending on the logistics channel.
- backchannel_start (Execute): Start a CIBA / OTP pre-authorization for a shopper. Sends a push to Nubank app (CIBA) or triggers an OTP SMS. Returns an auth_req_id/ticket to complete later.
- execute_studio_flow (Execute): Trigger a Studio Flow Execution for a contact. Studio flows are visual IVR / workflow builders — this kicks one off for a specific To/From pair.
- fraud_screen (Execute): Run a standalone FraudSight assessment on a payment method (no authorization). Returns a score and recommendation.
- restart_instance (Execute): Restart an instance
- run_report (Execute): Create and run a standalone Persona report — not tied to an inquiry flow. Use for ad-hoc watchlist screening, adverse media, business (KYB) lookups, address verification, or pro...
- start_verification (Execute): Start a Verify (2FA) challenge. Sends a one-time code to
- trust_platform_start (Execute): Start a Trust Platform onboarding flow — orchestrated pipeline chaining person/company checks + biometrics + document validation per a dashboard template. Returns flow_id + host...
- address_validation (Execute): Address normalization + validation against CORREIOS + IBGE — canonical address, CEP, neighborhood, city, state, geocode. POST /v1/datasets/addresses.
- backchannel_resend_otp (Execute): Resend the OTP to the shopper for an in-flight authorization ticket.
- challenge_3ds (Execute): Step 3 of 3DS2 — post the CReq back after the issuer challenge window closes, to retrieve the final authentication outcome.
- evaluate_order (Execute): Submit an order to Legiti for real-time fraud evaluation via the v2 order endpoint. Returns a decision (approve / reject / manual) synchronously — response may take up to ~20s. ...
- exchange_token (Execute): Exchange an authorization_code or refresh_token at POST /v1/token. Expects an already-signed JWT client_assertion. Returns access_token (5 min) + refresh_token for recurrence. A...
- logout_instance (Execute): Logout an instance (disconnects the WhatsApp session without deleting the instance)
- lookup_3ds (Execute): Step 1 of 3DS2 — submit device-data-collection (DDC) output to Worldpay to determine whether a challenge is required. Returns either a frictionless result or a challenge lookup ...
- make_call (Execute): Place an outbound voice call. Twilio fetches TwiML from
- oauth_token_exchange (Execute): Exchange an authorization code for a seller access token (marketplace onboarding). Also supports refresh_token grant.
- apply_decision_to_order (Execute): Apply a workflow Decision to a specific order (POST /v3/accounts/{account_id}/users/{user_id}/orders/{order_id}/decisions). Order-level decisions target a single transaction rat...
- apply_decision_to_session (Execute): Apply a workflow Decision to a session (POST /v3/accounts/{account_id}/users/{user_id}/sessions/{session_id}/decisions). Session-level decisions target a specific authenticated ...
- backchannel_complete (Execute): Complete a CIBA/OTP flow by submitting the OTP the shopper received. Returns the access_token once validated.
- create_antifraud_analysis (Execute): Submit a standalone Antifraud analysis (POST /fraudanalysis) through Braspag
- create_check (Execute): Run a verification check on an applicant. A check is a bundle of one or more reports (document, facial_similarity_photo, watchlist, etc). This is the step that actually triggers...
- create_client_token (Execute): Mint a Braintree client token via createClientToken for client-side tokenization (Drop-in, Hosted Fields, mobile SDKs). Pass a customerId to scope the token to a customer for va...
- create_device_fingerprint_session (Execute): Start a device fingerprint session. Returns a session_token the client embeds via ClearSale
- create_workflow_run (Execute): Start an Onfido Studio workflow run. Studio is Onfido
- issue_challenge (Execute): Issue an authentication challenge (OTP via SMS/email or KBA question) to a buyer. Use as a step-up after EM_ANALISE or for high-risk flows.
- onboarding_process_create (Execute): Kick off an orchestrated onboarding pipeline that chains KYC + biometrics + signature in one call. Returns process_id; track via onboarding_process_get. POST /v1/onboarding/proc...
- resolve_manual_review (Execute): Manually resolve an order currently in EM_ANALISE by approving or declining it. Use when an analyst overrides ClearSale
- resume_inquiry (Execute): Resume a paused inquiry — returns a fresh one-time session token / link so the end user can continue a flow that was abandoned or needs additional steps (e.g. after a
- send_button_actions (Execute): Send interactive action buttons (CALL, URL, REPLY). Do not mix REPLY with CALL/URL in the same message.
- send_button_list (Execute): Send a button list message via WhatsApp
- send_custom_event (Execute): Send a custom (merchant-defined) event to Sift
- send_login (Execute): Send a $login event to Sift
- send_logout (Execute): Send a $logout event to Sift
- send_order_for_analysis (Execute): Submit an order to ClearSale for fraud analysis. Returns a score (0-100) and a decision (APROVADO / REPROVADO / EM_ANALISE). Include as much signal as possible — billing + shipp...
- send_rcs (Execute): Send an RCS (Rich Communication Services) message
- send_sms (Execute): Send an SMS message
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.