High-risk tools in Promethean OS MCP
20 of the 69 tools in Promethean OS MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
exec_runExecuteExecute a vetted shell command from the allowlist. Supports optional args when explicitly enabled.
-
github_graphqlExecutePost a GraphQL query to GitHub.
-
github_requestExecuteCall GitHub REST API with optional ETag cache & pagination.
-
github_review_checkout_branchExecuteCheck out an existing git branch.
-
github_review_pushExecutePush the current branch to the specified remote with optional upstream/force settings.
-
nx_generate_packageExecuteGenerate a new workspace package using the Nx tools:package generator.
-
ollama_enqueue_chat_completionExecuteQueue a chat completion against a conversation or raw messages
-
ollama_enqueue_job_from_templateExecuteQueue a job that will execute a named template
-
ollama_pullExecuteQueue a model pull (no-op executor in MVP)
-
ollama_start_conversationExecuteCreate a conversation; optionally seeds initial user message
-
pnpm_installExecuteRun pnpm install at the workspace root or limited to filtered packages.
-
pnpm_run_scriptExecuteExecute a pnpm script, optionally filtered to specific workspace packages.
-
process_enqueue_taskExecuteEnqueue a command for execution respecting concurrency limits.
-
process_stopExecuteStop a running task via id, pid, or name and return trailing output.
-
tdd_coverageExecuteRun c8+AVA to produce coverage summary; enforce optional thresholds.
-
tdd_mutation_scoreExecuteRun Stryker mutation testing and return the score (fail if below minScore).
-
tdd_property_checkExecuteDynamically import a module export that builds a fast-check property and assert it.
-
tdd_run_testsExecuteRun AVA via npx with JSON (or TAP) output and return aggregated results. For long-running watchers, use tdd_start_watch/tdd_get_watch_changes instead.
-
tdd_start_watchExecuteStart an AVA --watch process and stream output via getWatchChanges.
-
tdd_stop_watchExecuteStop the running watch process.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.