High-risk tools in MCP Memory Gateway
7 of the 57 tools in MCP Memory Gateway are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- bootstrap_internal_agent (Execute): Normalize a GitHub/Slack/Linear trigger into startup context, construct a recall pack, prepare a git worktree sandbox, and emit an execution plus reviewer-lane plan.
- railway-deploy (Execute): Railway deployment best practices.
- recall (Execute): Recall relevant past feedback, memories, and prevention rules for the current task. Call this at the start of any task to inject past learnings into the conversation.
- reflect_on_feedback (Execute): Run a post-mortem analysis on negative feedback. Returns a proposed rule and recurrence info.
- run_harness (Execute): Execute a natural-language harness through the async job runner with checkpoints, verification, and proof-backed outcomes.
- session_primer (Execute): Read the most recent session handoff primer to restore context from the previous session. Call at session start.
- start_handoff (Execute): Start a sequential delegation handoff from a delegation-eligible intent plan.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.