High-risk tools in Onyx MCP
7 of the 67 tools in Onyx MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- onyx_agent_workflow (Execute): Run a multi-step workflow across Onyx tools in one paid call. Each step names a tool and its args; later steps can reference earlier outputs via {"$ref": "step_N.field"} or {"$p...
- onyx_bazaar_blue_ocean (Execute): Find empty niches in the x402 paid-MCP market. Reads CDP discovery (1000+ live services), clusters by keyword, surfaces categories with 0-1 services. Use to position a new paid ...
- onyx_browser_navigate (Execute): Navigate a Chrome DevTools Protocol session to a target URL and wait for load. Returns the final URL after redirects, page title, and elapsed wait time. Use as the first step of...
- onyx_html_meta (Execute): Fetch a URL and extract OpenGraph + Twitter Card + standard meta tags: og:title, og:description, og:image, og:type, twitter:card, twitter:image, canonical link, favicon, JSON-LD...
- onyx_password_strength (Execute): Score password strength on a 0-100 scale. Returns Shannon entropy (bits), character-class diversity, length, common-pattern detection (sequences, repeats, dictionary-likeness), ...
- onyx_url_parse (Execute): Parse any URL into structured components: scheme, host, port, path, query params (as both raw and decoded list), fragment, userinfo. Use when an agent needs to inspect, modify, ...
- onyx_user_agent_parse (Execute): Parse any HTTP User-Agent string into a structured record: browser name/version, OS name/version, device type (desktop/mobile/tablet/bot), rendering engine. Use for analytics, f...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.