High-risk tools in Ai Mcp Terminal
16 of the 26 tools in Ai Mcp Terminal are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_send_keysExecutebatch_send_keys
-
broadcast_commandExecutebroadcast_command
-
check_completionExecutecheck_completion
-
create_batchExecutecreate_batch
-
create_sessionExecutecreate_session
-
execute_batchExecuteexecute_batch
-
execute_commandExecuteexecute_command
-
execute_sequenceExecuteexecute_sequence
-
execute_with_retryExecuteexecute_with_retry
-
execute_workflowExecuteexecute_workflow
-
interrupt_batchExecuteinterrupt_batch
-
interrupt_commandExecutev2.0.3: Interrupt current command but keep terminal (like Ctrl+C). Terminal becomes idle state, can continue executing new commands. Recommended: Use when need to stop command b...
-
send_inputExecutev2.0: Send input to terminal, for responding to interactive commands (like npm init). When detect_interactions detects terminal waiting for input, AI uses this tool to send resp...
-
send_keysExecutev1.0.2: Send any key or text to terminal. Supports all keyboard keys: letters, numbers, symbols, function keys (F1-F12), control keys (Ctrl+X), arrow keys, etc. Can send single ...
-
send_textExecutev1.0.2: Quick send text to terminal (convenience method of send_keys). Sends string directly, not parsed as key. Suitable for quick text input
-
wait_until_completeExecutewait_until_complete
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.