High-risk tools in LaunchFrame MCP
12 of the 56 tools in LaunchFrame MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cli_database_queryExecutecli_database_query
-
cli_deploy_buildExecuteManually build production Docker images and push to GitHub Container Registry. Optionally build a specific service only. NOTE: Only use this for manual deployments. If the proje...
-
cli_deploy_upExecuteDeploy the latest images to the VPS and restart all production services via SSH.
-
cli_dev_npm_installExecuteRun npm install inside a service directory using a node:20-alpine Docker container (matches the build environment). Use this to add packages or update package-lock.json.
-
cli_docker_buildExecuteBuild Docker images for a LaunchFrame project (all services or a specific one).
-
cli_docker_downExecuteStop all running Docker services for a LaunchFrame project.
-
cli_docker_upExecuteStart Docker services for a LaunchFrame project. Always runs detached (background). Use cli_docker_logs to inspect output afterward.
-
cli_migration_runExecuteRun all pending TypeORM database migrations against the local database.
-
cli_module_addExecuteInstall a module into a LaunchFrame project. Runs non-interactively (skips confirmation). Rebuilds affected containers and restarts the stack in detached mode.
-
cli_waitlist_deployExecuteBuild and deploy the waitlist service to the VPS via SSH.
-
cli_waitlist_downExecuteStop the locally running waitlist service.
-
cli_waitlist_upExecuteStart the waitlist service locally using Docker Compose.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.