High-risk tools in QGIS MCP
9 of the 100 tools in QGIS MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_commandsExecuteExecute multiple commands in a single round-trip. Each command is
-
execute_codeExecuteExecute arbitrary PyQGIS code. Use for operations not covered by other tools.
-
execute_processingExecuteExecute a QGIS Processing algorithm. Use get_algorithm_help to discover parameters.
-
execute_processing_batchExecuteRun one algorithm once per parameter dict in
-
execute_sqlExecuteSQL across loaded layers via a virtual layer; reference layers by name in
-
reload_pluginExecuteReload a QGIS plugin by name. Cannot reload the MCP plugin itself.
-
run_modelExecuteRun a Processing model by registered id (e.g.
-
transform_coordinatesExecuteTransform coordinates between CRS. Accepts a point {x, y},
-
zoom_to_layerExecuteZoom the map canvas to the full extent of the specified layer.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.