High-risk tools in Tui
7 of the 13 tools in Tui are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
launchExecuteLaunch a TUI application in a managed pseudo-terminal. Returns a session ID for subsequent interactions.
-
wait_for_idleExecuteWait until the terminal buffer stops changing. Useful after sending keys to wait for the app to finish rendering.
-
wait_for_textExecuteWait until a regex pattern appears in the terminal buffer. Useful for waiting for prompts, loading states, or specific output.
-
resizeExecuteResize the terminal dimensions of a session. The TUI app will receive a SIGWINCH signal.
-
send_keysExecuteSend keystrokes to the TUI app. Use this for special keys and shortcuts, not for typing text (use send_text for that). Accepts a single key descriptor string or an array of key ...
-
send_mouseExecuteSend a mouse event to the TUI app (if the app has mouse support enabled).
-
send_textExecuteType a string of characters into the TUI app. The text is sent exactly as provided - MCP JSON handles escaping, so do not double-escape. To type a literal backslash, send one ba...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.