High-risk tools in LocalWP MCP
10 of the 29 tools in LocalWP MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
execute_wp_cliExecuteRuns a WP-CLI command against the selected LocalWP site using that site
-
execute_wp_phpExecuteRuns a high-trust PHP snippet or PHP file inside the selected LocalWP site
-
execute_wp_php_readonlyExecuteRuns a best-effort read-only PHP snippet or PHP file inside the selected LocalWP site
-
mysql_executeExecuteRuns any single SQL statement against the selected LocalWP site
-
mysql_queryExecuteRuns a SQL query against the selected LocalWP site
-
restart_local_siteExecuteRestarts the selected LocalWP site. If the site is halted, this starts it.
-
start_local_siteExecuteStarts the selected LocalWP site and all of its services.
-
stop_local_siteExecuteStops the selected LocalWP site and all of its services.
-
wp_call_functionExecuteRuns a read-oriented function call inside the selected LocalWP site
-
wp_call_static_methodExecuteRuns a read-oriented static method call inside the selected LocalWP site
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.