High-risk tools in Yaver
195 of the 1060 tools in Yaver are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
adb_commandExecuteRun a command on an Android device via ADB.
-
agent_graph_startExecuteStart a dependency-aware agent graph. Pass allowed_devices to choose the Yaver mesh pool and allowed_runners to constrain which runners remote nodes may use. Custom nodes can re...
-
agent_graph_stopExecuteStop a running agent graph.
-
analytics_startExecuteStart a self-hosted analytics stack via Docker. Replaces PostHog Cloud ($0-450/mo), Mixpanel, Plausible.
-
analytics_stopExecuteStop the analytics Docker stack.
-
android_app_launchExecuteLaunch an installed package in Redroid and return visible UI text plus whether it appears installed.
-
android_lintExecuteRun Android lint checks.
-
auth_dev_startExecuteStart a local auth server for development. Replaces Clerk ($25/mo), Auth0, WorkOS.
-
auth_dev_stopExecuteStop the local auth server.
-
autoideas_startExecuteStart a yaver autoideas run on a local project. Long-lived loop that asks the AI for fresh single-PR-sized ideas every tick and appends them as `- [ ] <title>` lines to ideas.md...
-
autoinit_startExecuteBootstrap a project init.md (cached project context for autonomous yaver runs). Drastically cuts the per-kick token + wall-clock cost of autoideas because runners read init.md i...
-
backend_startExecuteStart PocketBase backend (built-in DB + auth + storage + realtime).
-
backend_stopExecuteStop PocketBase backend.
-
banditExecuteRun Bandit Python security analysis.
-
benchmarkExecuteRun project benchmarks. Auto-detects: go bench, cargo bench, npm bench.
-
brakemanExecuteRun Brakeman Ruby/Rails security scanner.
-
browser_evaluateExecuteExecute JavaScript in the browser and return the result. Use for complex interactions, reading localStorage/cookies, or extracting data that CSS selectors can't reach.
-
browser_interactive_startExecuteStart a GENERIC human-in-the-loop co-browse: opens a headful browser with a persistent profile, navigates to a URL, and returns frame/input HTTP paths so a human can solve a cap...
-
browser_interactive_stopExecuteStop an interactive co-browse session. The on-disk profile (cookies/auth) persists so later automation can reuse it.
-
browser_navigateExecuteNavigate to a URL. Returns a screenshot of the page after navigation plus the page title. Use this as the first step after browser_open.
-
browser_waitExecuteWait for a CSS selector to become visible on the page. Use before clicking/typing elements that load dynamically.
-
browser_wait_navigationExecuteWait for the page URL to change (e.g., after a form submission or OAuth redirect).
-
build_androidExecuteDiscover an Android-capable project in the repo, choose the correct builder for its stack (RN/Expo/Flutter/Kotlin), and start an AAB build.
-
build_iosExecuteDiscover an iOS-capable project in the repo, choose the correct builder for its stack (RN/Expo/Flutter/Swift), and start an IPA build.
-
cargo_bench_suiteExecuteRun Rust benchmarks.
-
cargo_buildExecuteBuild Rust project.
-
cargo_cleanExecuteClean Rust build artifacts.
-
cargo_docExecuteBuild Rust docs.
-
cast_startExecuteStart an agent-side terminal recording. Wraps the given command via the asciinema CLI. Only one recording at a time.
-
cast_stopExecuteStop the active terminal recording and save it to the cast index.
-
cf_deployExecuteDeploy Cloudflare Worker.
-
clang_compileExecuteCompile C/C++ with Clang.
-
clip_startExecuteStart a local screen recording on the agent's Mac or Linux box via ffmpeg. Returns the session id; call clip_stop to finalise.
-
clip_stopExecuteStop the active screen recording. Finalises the mp4 with a flushed moov atom.
-
cloud_backupExecuteTrigger a manual cloud backup.
-
cloud_cliExecuteRun AWS, GCP, or Azure CLI commands.
-
cloud_deployExecuteDeploy app to Yaver Cloud (managed Hetzner VPS). Provisions server, deploys Docker containers, sets up SSL/DNS/backups.
-
cloud_emu_startExecuteStart local cloud emulators. Provider: aws (MinIO/DynamoDB/ElasticMQ), azure (Azurite), gcp (Firebase Emulator Suite).
-
cloud_emu_stopExecuteStop local cloud emulators.
-
cloud_scaleExecuteChange Yaver Cloud plan tier.
-
cmake_buildExecuteBuild CMake project.
-
cms_startExecuteStart a headless CMS (Keystatic, Tina, Decap, or PocketBase).
-
cms_stopExecuteStop the CMS.
-
code_deployExecuteRun a deployment from the current `yaver code` target or from an explicitly selected repo/machine. Supports direct host deploys to TestFlight, Play internal testing, Convex, Clo...
-
code_devExecuteRun a dev-loop action against the current `yaver code` target. Supported actions today: `status`, `reload`. Optional device_id targets another owned Yaver machine's code control...
-
code_mesh_startExecuteStart a `yaver code --mesh` run: plan → implement → verify chat chain across the available machine pool. Thin wrapper over agent_graph_start with defaults matching the yaver cod...
-
companion_upExecuteArm the companion manifest (yaver.companion.yaml) at repo: schedule HTTP crons on the in-process scheduler and start/instal durable workers as OS units. Idempotent. Reboot-durable.
-
convex_actionExecuteRun a Convex action via admin HTTP API.
-
convex_deployExecuteDeploy Convex functions.
-
convex_mutateExecuteRun a Convex mutation via admin HTTP API.
-
convex_runExecuteRun a Convex function.
-
cppcheckExecuteRun cppcheck C/C++ static analysis.
-
db_seedExecuteRun database seed file.
-
deploy_listExecuteList deploy history for a project.
-
deploy_rollbackExecuteRoll back to a prior deploy's commit.
-
deploy_runExecuteRun a deploy: git pull → build → swap containers → healthcheck → auto-rollback on failure.
-
dev_environment_clone_startExecuteStart cloning a coding-focused Yaver dev environment. Reuses toolchain sync, repo clone, runner auth verification, and yaver code config.
-
device_reauth_startExecuteStart Yaver re-auth on an owned remote machine through the existing /auth/recover path. auto picks the safest mode for the detected state: typically direct for auth-expired, pai...
-
device_reauth_waitExecuteWait for remote Yaver auth recovery to complete. Preferred usage is recovery_id + wait_token from device_reauth_start; device_id-only fallback still probes machine health for ol...
-
diagnoseExecuteRun the yaver self-check (binary paths, running procs, ports, auth state, workspace manifest, systemd unit, runtime deps). Returns the event list and final summary. Equivalent t...
-
docker_buildExecuteBuild a Docker image from Dockerfile.
-
docker_composeExecuteRun docker compose actions (up, down, ps, logs, restart).
-
docker_execExecuteExecute a command inside a Docker container.
-
docker_restartExecuteRestart a container.
-
docker_startExecuteStart a stopped container.
-
docker_stopExecuteStop a running container.
-
domain_ddns_startExecuteStart dynamic DNS updater (auto-update Cloudflare DNS when IP changes).
-
droid_launchExecuteLaunch an installed Android app whose package id contains the given substring, via its LAUNCHER intent (adb monkey). Returns the resolved package name.
-
eas_buildExecuteStart an EAS Build (Expo).
-
exec_commandExecuteExecute a shell command on this machine or an owned remote Yaver device and return the output. Commands are validated through the sandbox (dangerous patterns like rm -rf / are b...
-
expose_startExecuteExpose a local port to the internet. Replaces ngrok ($10/mo). Uses Cloudflare Quick Tunnel (free, zero config).
-
expose_stopExecuteStop a tunnel.
-
firebase_deployExecuteDeploy to Firebase (hosting, functions, etc.).
-
flutter_buildExecuteBuild a Flutter app.
-
flutter_doctorExecuteRun flutter doctor to check environment.
-
fly_deployExecuteDeploy to Fly.io.
-
gateway_actExecutePersonal Agent Gateway: perform an ACTION (write) as you on one of YOUR connectors — start a charge, buy a ticket, place an order, pay. By DEFAULT (execute omitted/false) this i...
-
gateway_act_confirmExecutePersonal Agent Gateway: confirm + execute a previously previewed act (from gateway_act dry-run). The confirm call IS the second key: answer 'approve' to execute, anything else d...
-
gateway_intentExecutePersonal Agent Gateway: route a natural-language utterance to the right engine — a coding task (runner), a gateway READ (runs it, returns the answer), or a gateway ACT (returns ...
-
gcc_compileExecuteCompile C/C++ with GCC.
-
gh_runExecuteRun any `gh` (GitHub CLI) subcommand. Pass the args as a list (no leading `gh`). Pre-flights install + auth state, returns a clear error when the CLI is missing or unauthed. Use...
-
git_oauth_startExecuteStart a GitHub or GitLab Device Flow (RFC 8628) authorization on the local machine or a remote owned peer. Returns a short user_code + verification_uri the user opens in any bro...
-
github_workflow_runExecuteTrigger a GitHub Actions workflow_dispatch run.
-
glab_runExecuteRun any `glab` (GitLab CLI) subcommand. Same shape as gh_run. Use for MR/issue/CI/snippet/release ops not covered by gitlab_* tools.
-
go_buildExecuteBuild Go project.
-
go_pprof_cpuExecuteRun Go CPU profiling via test benchmarks or pprof URL.
-
go_pprof_heapExecuteRun Go heap profiling.
-
go_staticcheckExecuteRun staticcheck.
-
gosecExecuteRun gosec Go security analysis.
-
gradle_buildExecuteRun a Gradle build task.
-
ha_serviceExecuteCall a Home Assistant service — turn on/off lights, start vacuum, set thermostat, trigger scenes. Works with Xiaomi, Hue, IKEA, and all HA integrations.
-
heaptrackExecuteRun heaptrack for heap allocation profiling (Linux).
-
infra_powerExecuteRun a managed power action. Supports agent_shutdown and host_reboot. Requires confirm=true.
-
infra_service_actionExecuteStart, stop, restart, or inspect a managed service. Scope can be dev (.yaver/services.yaml) or system (systemd/brew services).
-
k8s_execExecuteExecute a command in a Kubernetes pod.
-
lambda_invokeExecuteInvoke an AWS Lambda function.
-
lemonsqueezy_webhook_listenExecuteStart local webhook listener for Lemon Squeezy events.
-
lemonsqueezy_webhook_stopExecuteStop the Lemon Squeezy webhook listener.
-
lintExecuteRun linter on the project. Auto-detects: go vet, eslint, ruff/flake8, clippy.
-
lizardExecuteRun lizard code complexity analysis (supports 20+ languages).
-
mail_dev_startExecuteStart local SMTP catch-all server (mailpit). Replaces Resend ($10-30/mo), Mailtrap. Catches all outgoing email for testing.
-
mail_dev_stopExecuteStop the local mail server.
-
mail_draftExecuteDraft a reply to a message. Pulls the thread + recent sent-folder mail for tone, then pipes through the configured AI runner when execute=true and returns the draft text. Otherw...
-
make_cleanExecuteRun make clean.
-
make_runExecuteRun a Make target.
-
managed_quality_runExecuteRun Yaver quality checks for the project on this Yaver CPU (tests/lint/typecheck/format when detected). Presents as quality checks for normies, not raw CI.
-
mobile_hermes_doctorExecuteAgent-friendly doctor for the common React Native / Expo phone reload path. Resolves the mobile project inside a monorepo, checks local tools, dependency install state, Hermes c...
-
mobile_hermes_reloadExecuteTrigger a Hermes hot-reload of the React Native / Expo app currently under test. Thin wrapper over POST /dev/reload — computes a native-fingerprint delta against the dev-server ...
-
mobile_platform_deployExecuteBuild/verify/upload Yaver platform-specific mobile surfaces. target=tv runs Android TV + tvOS, android-tv verifies leanback metadata and uploads the shared Play AAB, tvos archiv...
-
mobile_project_buildExecuteStart the project's dev server if needed and build the Hermes bundle that Yaver loads on the phone. Works locally or on an owned remote Yaver device. This is the MCP path for a ...
-
mock_recordExecuteStart recording mode — capture real API responses as mock routes.
-
mock_startExecuteStart an API mock server.
-
mock_stopExecuteStop the mock server.
-
models_runExecuteQuick inference with a local model.
-
models_serveExecuteStart Ollama server if not running.
-
morning_latestExecuteReturn the most recent morning match-report — what shipped overnight from an autodev run. One line per task: title, status (shipped/failed/rolled-back), files changed, commit sh...
-
native_buildExecuteBuild or install a native iOS, Android, or Flutter app. Yaver discovers matching mobile projects under work_dir (including mobile/, app/, apps/*, packages/*). If more than one c...
-
npm_run_scriptExecuteRun an npm script (or list all scripts).
-
perf_lighthouseExecuteRun a Lighthouse audit on a URL. Returns performance, accessibility, best practices, SEO scores and Core Web Vitals.
-
perf_loadtestExecuteRun a load test on a URL. Returns RPS, latency percentiles, error rate.
-
phone_project_runtime_deployExecuteHigh-level runtime deploy for a phone sandbox. Can connect provider accounts, promote to Convex Cloud or Cloudflare Workers, push to Yaver Cloud or a custom/self-hosted Yaver ta...
-
pip_compileExecuteCompile pip requirements.
-
pipeline_runExecuteRun a local CI/CD pipeline from GitHub Actions or GitLab CI YAML. Executes on the dev machine — no cloud runner needed. Hardware-aware, supports matrix builds, Docker services, ...
-
pipeline_stopExecuteCancel a running pipeline.
-
platform_deployExecuteDeploy an app to Yaver Platform.
-
platform_previewExecuteCreate a preview deploy from a branch.
-
platform_webhookExecuteSet up GitHub/GitLab push-to-deploy webhook.
-
preview_stopExecuteStop a preview environment.
-
preview_stop_allExecuteStop all preview environments.
-
preview_stop_servingExecuteStop serving the active preview/dev server, regardless of whether it is Expo Web, Vite, Next.js, Flutter Web, or another active preview surface.
-
project_contextExecuteFetch the repo's agent-guidance files (CLAUDE.md, AGENTS.md, AI_ARCH.md, REMOTE_WORKER.md) plus the project's init.md. Every result is prefixed with a stale-docs warning. Use th...
-
project_new_quickExecuteOne-shot fullstack project scaffold. Skips the interactive wizard and creates a self-hosted-first monorepo (apps/{web,landing,mobile}, packages/shared, backend/) at parentDir/<s...
-
project_wizard_startExecuteStart a new fullstack project wizard session. Returns sessionId + first question. Call project_wizard_answer repeatedly, then project_wizard_generate.
-
proxy_startExecuteStart local reverse proxy (Caddy) with HTTPS for local development.
-
proxy_stopExecuteStop the local reverse proxy.
-
pscale_deployExecuteCreate PlanetScale deploy request.
-
pytest_suiteExecuteRun Python tests with pytest.
-
railway_deployExecuteDeploy to Railway.
-
raycastExecuteTrigger a Raycast extension (macOS).
-
record_startExecuteStart capturing a video for the morning reel. Picks the best-available driver for the requested target, falling back to full-screen capture if the specific target (ios-sim/andro...
-
record_stopExecuteFinalize the recording started for (run_id, task_id). Returns duration_ms + size_bytes. After this the video is served at /recordings/{run_id}/{task_id}/video.mp4 with byte-rang...
-
recovery_target_startExecuteStart auth recovery against an explicit remote Yaver base URL when the caller is not signed into Yaver locally. Requires either bootstrap_secret or bearer_token. direct/device-c...
-
recovery_target_waitExecutePoll a previously-started explicit-target recovery session until it completes, fails, or times out. Requires target_url plus the recovery_id/wait_token returned by recovery_targ...
-
remote_execExecuteExecute a command on a remote machine.
-
routine_run_nowExecuteFire a routine immediately, out of band. Does not reset its cron cadence — useful for testing the verb invocation without waiting.
-
ruff_suiteExecuteRun Ruff (check, format, or fix).
-
run_shortcutExecuteRun an Apple Shortcut (macOS only).
-
run_testsExecuteRun the project's test suite. Auto-detects framework (go test, jest, vitest, pytest, cargo test, make test) or accepts a custom command.
-
runner_auth_browser_startExecuteStart the interactive browser/device-auth login flow for Claude Code or Codex on the local or a remote Yaver machine.
-
scale_cacheExecuteAdd Redis caching layer.
-
scale_cdnExecuteAdd CDN in front of your app (Cloudflare or Bunny).
-
scale_checkExecuteAnalyze resource usage and generate scaling recommendations.
-
scale_optimizeExecuteRun automatic performance optimizations (compression, caching, DB tuning).
-
scale_planExecutePreview what upgrading/downgrading a plan would change.
-
screenlog_auditExecuteReturn the local screenlog audit trail (start/stop/deny/policy events with caller remoteness + peer id). Lets the recorded machine's owner see who started recording and when.
-
screenlog_autostartExecuteGet or set the reboot-durable 'keep recording' intent. With set=true + enabled, the agent auto-resumes screenlog on every start — local, auth/internet-independent — so a reboote...
-
screenlog_driversExecuteReport whether local screen-frame capture works on this host and which driver is used (macOS screencapture / Linux scrot-or-gnome / Windows PowerShell / WSL→Windows interop). Ru...
-
screenlog_startExecuteStart a LOCAL-ONLY screen-frame recording (the talos PC-monitor 'screen as images', local-only). Periodically screenshots every display, perceptually de-duplicates near-identica...
-
screenlog_stopExecuteStop the active screenlog recording. Returns the session id, kept-frame count, and local viewUrl.
-
semgrepExecuteRun Semgrep multi-language static analysis.
-
seo_auditExecuteRun a full SEO audit on the site (meta tags, headings, images, sitemap, schema, speed).
-
service_actionExecuteStart, stop, restart, enable, or disable a system service.
-
services_startExecuteStart all or specific local development services (Postgres, Redis, MinIO, etc.) from .yaver/services.yaml.
-
services_stopExecuteStop all or specific local development services.
-
shellcheckExecuteRun ShellCheck on shell scripts.
-
site_buildExecuteBuild the static site.
-
site_deployExecuteDeploy the site to Yaver Platform.
-
sonarscannerExecuteRun SonarQube/SonarCloud scanner.
-
stop_taskExecuteStop a running task.
-
storage_startExecuteStart local S3-compatible storage (MinIO).
-
storage_stopExecuteStop local MinIO storage.
-
stripe_listenExecuteStart Stripe webhook listener for local development. Forwards webhooks to localhost.
-
stripe_stopExecuteStop the Stripe webhook listener.
-
stripe_triggerExecuteTrigger a test Stripe webhook event.
-
supabase_dbExecuteExecute SQL on Supabase database.
-
supabase_deployExecuteDeploy Supabase (db push or function deploy).
-
systemctlExecuteManage systemd services (status, start, stop, restart, enable, disable, list, failed, timers).
-
testkit_last_failureExecuteRead the most recent failed run from local history. Returns the spec name, the failing step, the screenshot path, and the error — exactly what an AI agent needs to propose a patch.
-
testkit_runExecuteRun the yaver-test-sdk specs end-to-end on the dev's machine via the embedded chromedp runner. Returns suite results inline. Use this to drive a 'fix → test → fix' loop without ...
-
valgrind_callgrindExecuteRun Valgrind callgrind for call graph profiling.
-
valgrind_massifExecuteRun Valgrind massif for heap profiling.
-
valgrind_memcheckExecuteRun Valgrind memcheck for memory leak detection.
-
vibe_preview_startExecuteStart a vibe-preview session: headless Chrome captures the dev server URL at adaptive FPS. The mobile app + web dashboard see the same SSE stream you do. Returns the session met...
-
vibe_preview_stopExecuteStop a vibe-preview session by project. Idempotent.
-
web_preview_reloadExecuteTrigger a hot reload on the active web dev server.
-
web_preview_startExecuteStart a web dev server (Next.js, Vite, Flutter Web, Expo Web) for a named workspace app. Returns the iframe URL to embed.
-
web_preview_stopExecuteStop serving the active web preview.
-
xcode_buildExecuteBuild an Xcode project.
-
yaver_auth_link_startExecuteConnect an ADDITIONAL OAuth provider to the currently signed-in account — e.g., user signed up with Apple but wants to also sign in with GitHub, GitLab, Google, or Microsoft. Re...
-
yaver_auth_link_waitExecutePoll the account's linked identities until the requested provider appears (or timeout). Preferred over manual polling after yaver_auth_link_start. Default timeout 120s.
-
yaver_auth_startExecuteStart a headless device-code sign-in for Yaver (Apple / GitHub / Google / Microsoft OAuth). Returns {url, user_code, device_code, qr_ascii, expires_at_ms}. Render the URL + QR t...
-
yaver_auth_waitExecuteBlock until the device code is authorized, expires, or the timeout fires. Preferred over yaver_auth_poll for coding agents that can accept a ~2-minute tool call. On authorized: ...
-
yaver_doctorExecuteRun a comprehensive system health check — auth, agent, runners, relay servers, tunnels, network, tmux sessions. Like 'yaver doctor' on the CLI.
-
yaver_onboardExecuteDrive the first-run onboarding flow for a fresh Yaver install. Returns the ordered checklist of steps the user still needs to complete (auth, bootstrap secret, tunnel, runner, e...
-
yaver_self_host_onboardingExecuteHigh-level guided MCP flow for setting up Yaver on the user's own machine/VPS. Returns normie-friendly next steps for auth, serve, phone pairing, repo selection, runner setup, G...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.