High-risk tools in Self-hosted MCP server for Claude
4 of the 12 tools in Self-hosted MCP server for Claude are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
aws_cliExecuteRun an AWS CLI command using the locally configured AWS profile. Pass arguments as an array of strings (no
-
local_execExecuteRun a shell command on the local machine where this MCP server is running. On Windows the command goes to cmd.exe; on Linux/Mac to /bin/sh. Use for git, npm, file edits, pm2 con...
-
postgres_queryExecuteRun a SQL query on a PostgreSQL database over SSH on a remote host from hosts.json. Uses psql via
-
ssh_execExecuteRun a shell command on a remote host over SSH. Two ways to specify the target:\n\n(A) PREFERRED: pass host=<name from hosts.json> only — no
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.