High-risk tools in MCP Debug Server
24 of the 43 tools in MCP Debug Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
attach_processExecuteAttach debugger to a process by PID or name (optional if already attached during server start)
-
break_executionExecuteBreak into debugger (pause process execution)
-
connect_debuggerExecuteConnect CDB client to running CDB server session
-
create_minidumpExecuteGenerate minidump on demand
-
detach_processExecuteDetach debugger from current process
-
disconnect_debuggerExecuteDisconnect debugger client and close session
-
enable_breakpointExecuteEnable a disabled breakpoint
-
enable_exception_monitoringExecuteEnable background exception monitoring with auto-capture
-
evaluate_expressionExecuteEvaluate expression or resolve symbol address
-
execute_commandExecuteExecute any raw WinDbg command directly
-
reload_symbolsExecuteReload symbols for all modules
-
resume_executionExecuteResume process execution (go/continue)
-
resume_with_monitoringExecuteResume execution with exception monitoring
-
set_breakpointExecuteSet breakpoint at address or symbol
-
set_exception_breakExecuteSet exception breakpoint with auto-capture
-
start_debug_serverExecuteStart CDB in server mode on specified TCP port, optionally attached to a process
-
step_intoExecuteStep into next instruction (trace)
-
step_outExecuteStep out of current function
-
step_overExecuteStep over next instruction
-
stop_debug_serverExecuteStop debug server running on specified port
-
switch_threadExecuteSwitch debugger context to specific thread
-
toggle_hardware_breakpointExecuteEnable or disable a hardware breakpoint without removing it
-
write_memoryExecuteWrite data to memory at specified address
-
write_registerExecuteWrite value to a CPU register
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.