High-risk tools in MCP Server for VS Code
8 of the 25 tools in MCP Server for VS Code are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
debug_evaluateExpressionExecuteEvaluate an expression in the current debug context (REPL/watch functionality). Test hypotheses instantly - execute any expression without modifying code
-
debug_startSessionExecuteStart a debug session using a configuration from launch.json. Launch debugging instantly - no need to navigate to the debug panel
-
debug_stepOverExecuteStep over the current line of code (execute current line without entering functions)
-
debug_stopSessionExecuteStop the current debug session
-
debug_continueExecutionExecuteContinue execution from the current breakpoint or paused state
-
debug_pauseExecutionExecutePause the running debug session at the current execution point
-
debug_stepIntoExecuteStep into function calls on the current line
-
debug_stepOutExecuteStep out of the current function and return to the caller
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.