High-risk tools in Mcp Swarm
10 of the 42 tools in Mcp Swarm are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
swarm_build_indexExecute构建整个代码库的索引,用于快速搜索和导航。
-
swarm_chatExecute根据任务内容自动选择最合适的模型并调用你的 API 进行对话。支持 8 个模型:qwen3.5-plus、qwen3-max-2026-01-23、qwen3-coder-next、qwen3-coder-plus、MiniMax-M2.5、glm-5、glm-4.7、kimi-k2.5。
-
swarm_chat_with_modelExecute使用指定模型调用 API。可选模型:
-
swarm_create_dynamic_agentsExecute根据任务描述自动生成多个 specialized sub-agents,实现自组织结构(参考 Kimi K2.5 Agent Swarm)。
-
swarm_execute_skillExecute执行指定的技能(如代码审查、文档生成等)。
-
swarm_execute_swarmExecute执行已创建的 Agent 蜂群任务,支持并行、辩论、Map-Reduce 等协调策略。
-
swarm_execute_workflowExecute执行一个多步骤的工作流。支持内置工作流或自定义工作流定义。
-
swarm_run_lintExecute运行代码检查工具。
-
swarm_run_testExecute运行测试套件。
-
swarm_validate_with_gatesExecute使用质量门控验证内容(代码、文档等)。
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.