High-risk tools in SSH MCP Server

High severity SSH MCP Server MCP Server 8 of 15 tools

8 of the 15 tools in SSH MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

ssh_exec Execute

Execute command over SSH using stored credentials
ssh_exec_raw Execute

Execute command over SSH with array arguments that are safely quoted for the remote shell
ssh_session_end Execute

End an interactive SSH session
ssh_session_start Execute

Start an interactive SSH session with PTY (for vim, htop, etc)
ssh_tunnel_start Execute

Start an SSH tunnel for port forwarding
ssh_tunnel_stop Execute

Stop an SSH tunnel
rsync_copy Execute

Copy files/directories between local and remote server via rsync (best for directories or large transfers)
ssh_session_send Execute

Send input to an interactive SSH session

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in SSH MCP Server

Tools at high risk

Attacks that target this class

More on SSH MCP Server

Enforce policy on every SSH MCP Server tool call.