High-risk tools in Mcp
3 of the 29 tools in Mcp are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
tronsave_estimate_buy_resourceExecuteQuote price and availability for buying ENERGY or BANDWIDTH for a receiver address before placing an order. Returns estimated `unitPrice` (SUN per resource unit), `paymentAmount...
-
tronsave_internal_extend_delegatesExecuteReturn extendable delegations for a receiver plus an `extendData` payload for the extension flow. Requires a logged-in MCP session created by the `tronsave_login` tool: include ...
-
tronsave_sell_order_manualExecuteManually execute seller-side fulfillment of an existing order with a wallet `signedTx`. Returns the updated order payload after sell. Side effect: broadcasts a market/delegation...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.