High-risk tools in Roku MCP Server
7 of the 25 tools in Roku MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
roku_deep_linkExecuteTest deep linking (Roku certification requirement). Roku API: POST http://{host}:8060/launch/dev?contentId={id}&mediaType={type} Deep linking is MANDATORY for Roku certification...
-
roku_deployExecuteDeploy (sideload) the Roku app to the device. Roku API: POST http://{host}/plugin_install (Basic Auth: rokudev:{password}) Uses roku-deploy npm to zip and upload the channel. Re...
-
roku_inputExecuteSend custom input/deep-link parameters to the running app. Roku API: POST http://{host}:8060/input?{params} Sends name-value pairs via roInput to the active channel. Use for tes...
-
roku_keypressExecuteSend a remote control key press to the Roku device. Roku API: POST http://{host}:8060/keypress/{key} Available keys: Home, Rev, Fwd, Play, Select, Left, Right, Down, Up, Back,...
-
roku_keypress_sequenceExecuteSend a sequence of key presses to the Roku device. Roku API: POST http://{host}:8060/keypress/{key} (sequential) Useful for navigation: e.g., [
-
roku_launchExecuteLaunch or restart an app on the Roku device. Roku API: POST http://{host}:8060/launch/{appId}?{params} Use appId=
-
roku_run_testExecuteRun an automated integration test sequence. Orchestrates multiple actions in order: deploy, wait, screenshot, keypress, check_log, sg_nodes, element, perf, media_player, check_r...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.