High-risk tools in Run402
14 of the 171 tools in Run402 are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
ai_moderateExecuteRun content moderation on text. Returns flagged status and category scores. Free for all projects, requires service key.
-
contract_deployExecuteDeploy a smart contract from a KMS signer (signs a contract-creation tx with
-
deployExecuteUnified apply primitive. Accepts a structured ReleaseSpec — database (migrations + expose), value-free secrets.require/delete declarations, functions, site, site.public_paths, s...
-
deploy_functionExecuteDeploy a serverless function (Node 22) to a project. Handler signature: export default async (req: Request) => Response. The function can
-
deploy_resumeExecuteResume a deploy operation that ended in
-
deploy_siteExecuteDeploy a static site (HTML/CSS/JS) from inline file bytes. Files are staged to a temp directory, then uploaded via the v1.32 plan/commit transport — only bytes the gateway doesn
-
deploy_site_dirExecuteDeploy a static site from a local directory. Walks the tree, hashes each file, and uploads only the bytes the gateway doesn
-
functions_rebuildExecuteRefresh function(s) onto the platform
-
initExecuteSet up agent allowance, request faucet funding, and check tier status — single-call bootstrap. Idempotent, safe to re-run.
-
invoke_functionExecuteInvoke a deployed function via HTTP. Returns the function
-
passkey_login_verifyExecuteVerify a browser WebAuthn assertion and return a normal Run402 auth session.
-
redrive_mailbox_webhook_deliveryExecuteRe-queue a dead-lettered (failed_permanent) webhook delivery so the worker attempts delivery again. Use after fixing the consumer endpoint.
-
run_sqlExecuteExecute SQL (DDL or queries) against a provisioned project. Returns results as a markdown table.
-
test_notificationExecuteTrigger a real test notification (audit row marked is_test=true). Rate-limited per wallet at 1/min. Verifies the full pipeline end-to-end.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.