High-risk tools in Build

High severity Build MCP Server 8 of 9 tools

8 of the 9 tools in Build are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

build Execute 4/5

Runs a build command and returns structured success/failure with errors and warnings. Allowed commands: ant, bazel, bun, bunx, cargo, cmake, dotnet, esbuild, go, gradle, gradlew...
esbuild Execute 3/5

Runs the esbuild bundler and returns structured errors, warnings, and output files.
lerna Execute 4/5

Runs Lerna monorepo commands (list, run, changed, version) and returns structured package information.
nx Execute 3/5

Runs Nx workspace commands and returns structured per-project task results with cache status.
rollup Execute 3/5

Runs Rollup bundler and returns structured bundle output with errors and warnings.
turbo Execute 3/5

Runs Turborepo tasks and returns structured per-package results with cache hit/miss info.
vite-build Execute 4/5

Runs Vite production build and returns structured output files with sizes.
webpack Execute 4/5

Runs webpack build with JSON stats output and returns structured assets, errors, and warnings.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Build

Tools at high risk

Attacks that target this class

More on Build

Enforce policy on Build