High-risk tools in Waiaas

High severity Waiaas MCP Server 11 of 126 tools

11 of the 126 tools in Waiaas are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

hl_spot_cancel Execute

Cancel one or all spot orders for a market on Hyperliquid
build_userop Execute

build_userop
execute Execute

Execute cross-chain bridge via Across Protocol SpokePool depositV3
call_contract Execute

call_contract
encode_calldata Execute

encode_calldata
request_validation Execute

Request on-chain validation for an agent via Validation Registry
sign_message Execute

sign_message
sign_transaction Execute

sign_transaction
sign_userop Execute

sign_userop
simulate_transaction Execute

simulate_transaction
hl_set_leverage Execute

Set leverage multiplier for a market on Hyperliquid

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Waiaas

Tools at high risk

Attacks that target this class

More on Waiaas

Enforce policy on every Waiaas tool call.