High-risk tools in BNB Chain MCP
38 of the 1240 tools in BNB Chain MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cancel_proposalExecuteCancel a proposal (only proposer or if proposer
-
make_app_clear_txnExecuteCreate an application clear state transaction
-
BinanceNewUserDataStreamExecuteCreate a new user data stream to receive account updates via WebSocket.
-
compile_tealExecuteCompile TEAL source code
-
deploy_contractExecuteDeploy a smart contract from bytecode and constructor arguments
-
deploy_create2ExecuteDeploy a contract using CREATE2 for deterministic addresses across chains
-
deploy_proxyExecuteDeploy a proxy contract (UUPS or TransparentUpgradeableProxy) pointing to an implementation
-
execute_multicallExecuteExecute multiple contract calls in a single transaction
-
execute_proposalExecuteExecute a queued proposal after timelock delay
-
gateway_execute_rpcExecuteExecute blockchain RPC calls through Tatum
-
geckoterminal_new_poolsExecuteGet newly created pools across all networks or on a specific network - catch new token launches early
-
parse_unitsExecuteConvert a human-readable value to its smallest unit (e.g., ETH to wei)
-
plugins_executeExecuteExecute a plugin function through the SperaxOS gateway. Routes the request to the appropriate plugin API and returns the result.
-
wait_for_transactionExecuteWait for a transaction to be confirmed (mined). Polls the network until confirmation.
-
abi_encodeExecuteABI encode parameters (standard Solidity encoding)
-
api_ultrade_wallet_signinExecuteSign in to trading account
-
BinanceDeliveryChangePositionModeExecuteChange COIN-M Futures position mode between Hedge Mode and One-way Mode.
-
BinanceOptionsRenewListenKeyExecuteExtend the validity of an options listen key by 60 minutes. Should be called periodically to keep the user data stream active.
-
call_api_endpointExecutecall an endpoint in the HIVE API. Note: use the category endpoints to get the list of endpoints and
-
hash_messageExecuteHash a message using EIP-191 format
-
hash_typed_dataExecuteHash typed structured data according to EIP-712
-
queue_proposalExecuteQueue a successful proposal for execution (requires Timelock)
-
sign_bytesExecuteSign arbitrary bytes with a secret key
-
sign_messageExecuteSign a message using personal_sign (EIP-191)
-
sign_transactionExecuteSign a transaction with a secret key
-
sign_typed_dataExecuteSign typed data using EIP-712
-
simulate_bundleExecuteSimulate a bundle of transactions to check execution and returns
-
simulate_raw_transactionsExecuteSimulate raw transactions
-
simulate_transactionExecuteSimulate a transaction to check for potential issues before execution
-
simulate_transactionsExecuteSimulate transactions with detailed configuration
-
upgrade_proxyExecuteUpgrade a proxy contract to a new implementation address
-
cast_voteExecuteCast a vote on a governance proposal
-
create_erc20_tokenExecuteCreate a new ERC20 token
-
create_permit_signatureExecuteCreate an EIP-2612 permit signature for gasless token approvals
-
make_app_call_txnExecuteCreate an application call transaction
-
make_app_closeout_txnExecuteCreate an application close out transaction
-
make_app_update_txnExecuteCreate an application update transaction
-
write_contractExecuteWrite data to a smart contract by calling a state-changing function
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.