High-risk tools in Kubernetes

High severity Kubernetes MCP Server 4 of 37 tools

4 of the 37 tools in Kubernetes are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

pods_exec Execute 3/5

Execute a command in a Kubernetes Pod (shell access, run commands in container) in the current or provided namespace with the provided name and command
pods_run Execute 3/5

Run a Kubernetes Pod in the current or provided namespace with the provided container image and optional name
resources_scale Execute 3/5

Get or update the scale of a Kubernetes resource in the current cluster by providing its apiVersion, kind, name, and optionally the namespace. If the scale is set in the tool ca...
vm_lifecycle Execute 3/5

Manage VirtualMachine lifecycle: start, stop, or restart a VM

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Kubernetes

Tools at high risk

Attacks that target this class

More on Kubernetes

Enforce policy on Kubernetes