High-risk tools in Manifest MCP
7 of the 33 tools in Manifest MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
build_manifest_previewExecuteBuild a deployment manifest, validate it against the documented Fred rules, and compute the SHA-256 meta_hash that would be recorded on-chain. Use this BEFORE deploy_app to catc...
-
cosmos_queryExecuteExecute any Cosmos SDK query command. Call list_modules and list_module_subcommands first to discover available options.
-
cosmos_txExecuteExecute any Cosmos SDK transaction with automatic signing and gas estimation. Call list_modules and list_module_subcommands first to discover available options.
-
deploy_appExecuteDeploy a new containerized application. Requires funded credits (use fund_credit if needed). Creates a lease on-chain, optionally attaches a custom domain (FQDN) to the lease it...
-
deploy_app_orchestratedExecuteOrchestrate a deployment via @manifest-network/manifest-agent-core.
-
restart_appExecuteRestart a running app via the provider without closing its lease. Use this to apply configuration changes or recover from a crash.
-
wait_for_app_readyExecuteWait for a deployed app to reach the ACTIVE state on the provider, polling at the configured interval. Use this after deploy_app instead of looping app_status manually. Throws o...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.