High-risk tools in Remote Demo MCP
3 of the 6 tools in Remote Demo MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
deploy_staticExecuteDeploy to remote, deploy demo, publish demo, upload static site. 部署到远程、部署 demo、发布 demo、上传静态站点。Uses rsync to /var/www/html/demo-remote/{user}/{project}/. For OTP/interactive auth...
-
start_deploy_sessionExecuteStart interactive deploy session and return sessionId. Strict protocol: if nextAction=submit_input call submit_deploy_input; if nextAction=poll call poll_deploy_session; if next...
-
submit_deploy_inputExecuteSubmit OTP/password to an active deploy session. Always call poll_deploy_session next unless nextAction=done in response. 向活动部署会话提交 OTP/密码输入。提交后通常下一步调用 poll_deploy_session,除非返回 ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.