High-risk tools in Simple MCP
11 of the 34 tools in Simple MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
click_mouseExecuteClick the mouse at the specified coordinates, or at the current position if not specified.
-
install_python_libraryExecuteinstall_python_library
-
move_mouse_toExecuteMove the mouse cursor to the specified screen coordinates.
-
press_hotkeyExecutePress a combination of keys as a hotkey (e.g., ctrl, tab).
-
run_python_codeExecuteExecute a snippet of Python code and return the output or error.
-
schedule_function_callExecuteschedule_function_call
-
schedule_recurring_jobExecuteschedule_recurring_job
-
schedule_telegram_messageExecuteschedule_telegram_message
-
switch_to_windowExecuteSwitch focus to a window with the specified title.
-
type_textExecuteSimulate typing the given text using the keyboard.
-
youtube_download_videoExecuteDownload a YouTube video in MP4 format.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.