High-risk tools in Lsp
3 of the 29 tools in Lsp are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
lsp_code_actionsExecuteGet quick fixes and refactoring suggestions at a position. Use to auto-fix errors, organize imports, extract functions, or apply other automated transformations. Set apply=true ...
-
lsp_start_serverExecuteStart a language server manually for a workspace. Usually not needed—servers auto-start when you use other LSP tools. Use only when you need explicit control over server lifecycle.
-
lsp_stop_serverExecuteStop a running language server to free resources. Servers auto-stop after idle timeout, so manual stop is rarely needed.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.