High-risk tools in Octocode MCP - AI Context Platform

High severity Octocode MCP - AI Context Platform MCP Server 301 of 304 tools

301 of the 304 tools in Octocode MCP - AI Context Platform are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

adyenApiKey Execute

Adyen API key
ageSecretKey Execute

Age encryption secret key
ai21ApiKey Execute

AI21 Labs API key
airtablePersonalAccessToken Execute

Airtable personal access token
algoliaApiKey Execute

Algolia API key
alibabaAccessKeyId Execute

Alibaba Cloud AccessKey ID
amazonBedrockApiKey Execute

Amazon Bedrock API key
anthropicApiKey Execute

Anthropic API key
artifactoryApiKey Execute

JFrog Artifactory API key
asanaPersonalAccessToken Execute

Asana personal access token
assemblyaiApiKey Execute

AssemblyAI API key
atlassianApiToken Execute

Atlassian API token (Jira/Confluence)
auth0ClientSecret Execute

Auth0 client secret
auth0ManagementToken Execute

Auth0 Management API token
authressServiceClientAccessKey Execute

Authress service client access key
awsAccessKeyId Execute

AWS access key ID
awsAccountId Execute

AWS account ID
awsAppSyncApiKey Execute

AWS AppSync GraphQL API key
awsIamRoleArn Execute

AWS IAM role ARN
awsLambdaFunctionArn Execute

AWS Lambda function ARN
awsMwsAuthToken Execute

AWS MWS authentication token
awsS3BucketArn Execute

AWS S3 bucket ARN
awsSecretAccessKey Execute

AWS secret access key
awsSecretsManagerArn Execute

AWS Secrets Manager secret ARN
awsSessionToken Execute

AWS session token
azureAdClientSecret Execute

Azure AD client secret
azureCosmosDbConnectionString Execute

Azure Cosmos DB connection string
azureOpenaiApiKey Execute

Azure OpenAI API key
azureServiceBusConnectionString Execute

Azure Service Bus connection string
azureStorageConnectionString Execute

Azure storage account connection string
azureSubscriptionId Execute

Azure subscription ID
azureTenantDomain Execute

Azure tenant domain (onmicrosoft.com)
base64EncodedSecrets Execute

Base64 encoded secrets in config
base64PrivateKeyContent Execute

Base64 encoded private key content
basicAuthHeader Execute

Basic authentication header with credentials
binanceApiKey Execute

Binance API key
bitbucketAppPassword Execute

Bitbucket app password
bitbucketRepoToken Execute

Bitbucket repository access token
bittrexAccessKey Execute

Bittrex access key
bugsnagApiKey Execute

Bugsnag API key
buildkiteAgentToken Execute

Buildkite agent token
bybitApiKey Execute

Bybit API key
cassandraConnectionString Execute

Cassandra connection string with credentials
circleciToken Execute

CircleCI personal API token
clerkPublishableKey Execute

Clerk publishable key
clerkSecretKey Execute

Clerk secret key
clickhouseCloudApiKey Execute

ClickHouse Cloud API secret key
clickhouseCredentials Execute

ClickHouse connection string with credentials
clojarsApiToken Execute

Clojars API token
cloudflareApiKey Execute

Cloudflare API key
cloudflareApiTokenPrefixed Execute

Cloudflare Access team domain (not API token)
cloudflareGlobalApiKey Execute

Cloudflare Global API key
cloudflareOriginCaKey Execute

Cloudflare Origin CA key
cockroachdbConnectionString Execute

CockroachDB connection string with credentials
codecovAccessToken Execute

Codecov access token
cohereApiKey Execute

Cohere API key
coinbaseAccessToken Execute

Coinbase access token
cometApiKey Execute

Comet ML API key
contentfulAccessToken Execute

Contentful access token
convexDeployKey Execute

Convex deployment key
couchdbCredentials Execute

CouchDB credentials in URL
credentialsInUrl Execute

Credentials embedded in URL
customerIoApiKey Execute

Customer.io API key
databaseUrlWithCredentials Execute

Generic database URL with embedded credentials
databricksApiToken Execute

Databricks API token
datadogApiKey Execute

Datadog API and application keys (with context)
deepseekApiKey Execute

DeepSeek API key
denoDeployToken Execute

Deno Deploy access token
depotToken Execute

Depot.dev build token
dhParameters Execute

Diffie-Hellman parameters
digitalOceanOAuthToken Execute

DigitalOcean OAuth access token
digitalOceanRefreshToken Execute

DigitalOcean OAuth refresh token
digitalOceanToken Execute

DigitalOcean API token
discordSocialBotToken Execute

Discord social bot token
discordSocialWebhookUrl Execute

Discord social webhook URL
dockerComposeSecrets Execute

Docker Compose secrets
dockerHubToken Execute

Docker Hub personal access token
dopplerApiToken Execute

Doppler API token
dotnetConnectionStrings Execute

.NET connection strings with credentials
droneCiAccessToken Execute

DroneCI access token
dropboxAccessToken Execute

Dropbox access token
dropboxAppKey Execute

Dropbox app key
dsaPrivateKey Execute

DSA private key
duffelApiToken Execute

Duffel travel API token
dynatraceApiToken Execute

Dynatrace API token
easypostApiToken Execute

EasyPost API token
ecPrivateKey Execute

Elliptic Curve private key
elasticsearchCredentials Execute

Elasticsearch credentials in URL
elevenLabsApiKey Execute

ElevenLabs API key (context-based detection)
envVarSecrets Execute

Environment variable secrets (KEY, SECRET, TOKEN, PASSWORD)
facebookAccessToken Execute

Facebook/Meta access token
facebookPageAccessToken Execute

Facebook/Meta page access token
faunadbKey Execute

FaunaDB secret key
figmaToken Execute

Figma personal access token
firebaseServiceAccountPrivateKey Execute

Firebase service account private key (JSON format)
fireworksApiKey Execute

Fireworks AI API key
flutterwaveKeys Execute

Flutterwave API keys
flyioAccessToken Execute

Fly.io API access token
flyioMachineToken Execute

Fly.io machine token
frameioApiToken Execute

Frame.io API token
freshdeskApiKey Execute

Freshdesk API key
gcpServiceAccountEmail Execute

GCP service account email
githubAppInstallationToken Execute

GitHub App installation token
githubFineGrainedToken Execute

GitHub fine-grained personal access token
githubTokens Execute

GitHub personal access token (classic)
gitlabCiJobToken Execute

GitLab CI/CD job token
gitlabDeployToken Execute

GitLab deploy token
gitlabFeatureFlagToken Execute

GitLab feature flag client token
gitlabFeedToken Execute

GitLab feed token
gitlabIncomingMailToken Execute

GitLab incoming mail token
gitlabK8sAgentToken Execute

GitLab Kubernetes agent token
gitlabOAuthAppSecret Execute

GitLab OAuth application secret
gitlabPersonalAccessToken Execute

GitLab personal access token
gitlabPipelineTriggerToken Execute

GitLab pipeline trigger token
gitlabRunnerToken Execute

GitLab runner registration token
gitlabScimToken Execute

GitLab SCIM token
gitlabSessionCookie Execute

GitLab session cookie
gocardlessApiToken Execute

GoCardless API token
googleApiKey Execute

Google API key (GCP, Gemini, Maps, YouTube, etc.)
googleOAuth2ClientId Execute

Google OAuth2 client ID
googleOAuthClientSecret Execute

Google OAuth client secret
googleOauthRefreshToken Execute

Google OAuth refresh token
googleOauthToken Execute

Google OAuth token
grafanaApiKey Execute

Grafana API key
grafanaCloudApiKey Execute

Grafana Cloud API key
grafanaServiceAccountToken Execute

Grafana service account token
grafbaseApiKey Execute

Grafbase API key
groqApiKey Execute

Groq API key
harnessApiKey Execute

Harness Access Token (PAT or SAT)
herokuApiKey Execute

Heroku API key
herokuApiKeyV2 Execute

Heroku API key (new format)
hexEncodedKey Execute

Hexadecimal encoded cryptographic key
honeycombApiKey Execute

Honeycomb API key
huggingFaceToken Execute

Hugging Face API token
infracostApiToken Execute

Infracost API token
instagramAccessToken Execute

Instagram access token
intercomAccessToken Execute

Intercom access token
jdbcConnectionStringWithCredentials Execute

JDBC connection string with embedded credentials
jiraApiToken Execute

Jira API token
jsonWebTokenEnhanced Execute

JSON Web Token with enhanced detection
jwtSecrets Execute

JWT secrets
jwtToken Execute

JWT (JSON Web Token - 3-part)
krakenAccessToken Execute

Kraken access token
kubernetesSecrets Execute

Kubernetes secrets in YAML
kucoinAccessToken Execute

Kucoin access token
kucoinSecretKey Execute

Kucoin secret key
langchainApiKey Execute

LangChain/LangSmith API key
launchdarklyAccessToken Execute

LaunchDarkly access token
launchdarklySdkKey Execute

LaunchDarkly SDK key
lemonSqueezyApiKey Execute

Lemon Squeezy API key
linearApiKey Execute

Linear API key
linkedinApiToken Execute

LinkedIn API token
logdnaApiKey Execute

LogDNA/Mezmo API key
logglyToken Execute

Loggly customer token
mailchimpApiKey Execute

MailChimp API key
mailchimpEcommerceApiKey Execute

MailChimp E-commerce API key
mailgunApiKey Execute

Mailgun API key
mapboxPublicToken Execute

Mapbox public access token
mapboxSecretToken Execute

Mapbox secret access token
mattermostAccessToken Execute

Mattermost access token
maxmindLicenseKey Execute

MaxMind license key
messagebirdApiToken Execute

MessageBird API token
microsoftTeamsWebhook Execute

Microsoft Teams incoming webhook URL
mistralApiKey Execute

Mistral AI API key
mollieApiKey Execute

Mollie API key
mondayApiToken Execute

Monday.com API token
mongodbConnectionString Execute

MongoDB connection string with credentials (incl. mongodb+srv://)
mysqlConnectionString Execute

MySQL connection string with credentials
neo4jCredentials Execute

Neo4j database credentials in URL
neonDatabaseConnectionString Execute

Neon database connection string
netlifyAccessToken Execute

Netlify access token
newRelicApiKey Execute

New Relic API key
newRelicBrowserApiToken Execute

New Relic browser API token
newRelicInsertKey Execute

New Relic ingest insert key
newRelicInsightKey Execute

New Relic Insights query key
notionIntegrationToken Execute

Notion integration token (new ntn_ format, post Sept 2024)
notionIntegrationTokenLegacy Execute

Notion integration token (legacy secret_ format, pre Sept 2024)
novuApiKey Execute

Novu API key
npmAccessToken Execute

NPM access token
nugetApiKey Execute

NuGet API key
nxCloudAccessToken Execute

Nx Cloud access token
octopusDeployApiKey Execute

Octopus Deploy API key
oktaAccessToken Execute

Okta access token
onePasswordSecretKey Execute

1Password secret key
onePasswordServiceAccountToken Execute

1Password service account token
openaiAdminKey Execute

OpenAI admin API key
openaiApiKeyLegacy Execute

OpenAI API key (legacy format)
openaiOrgId Execute

OpenAI organization ID
openaiProjectApiKey Execute

OpenAI project-scoped API key
openaiServiceAccountKey Execute

OpenAI service account API key
openshiftUserToken Execute

OpenShift user token
opensshPrivateKey Execute

OpenSSH private key
openvpnClientPrivateKey Execute

OpenVPN client private key
paddleApiKey Execute

Paddle API key
paypalAccessToken Execute

PayPal access token
paypalBraintreeAccessToken Execute

PayPal Braintree access token
perplexityApiKey Execute

Perplexity AI API key
pgpPrivateKey Execute

PGP private key block
pgpPrivateKeyBlock Execute

PGP private key block (BEGIN to END)
pineconeApiKey Execute

Pinecone API key
pineconeApiKeyPrefixed Execute

Pinecone API key (prefixed format)
pinterestAccessToken Execute

Pinterest access token
pkcs8PrivateKey Execute

PKCS#8 private key
plaidApiToken Execute

Plaid API token
plaidClientId Execute

Plaid client ID
planetScaleConnectionString Execute

PlanetScale connection string
planetScaleToken Execute

PlanetScale API token
postgresqlConnectionString Execute

PostgreSQL connection string with credentials
posthogApiKey Execute

PostHog API key
posthogPersonalApiKey Execute

PostHog personal API key
postmanApiToken Execute

Postman API token
postmarkServerToken Execute

Postmark server API token
prefectApiToken Execute

Prefect API token
privateKeyPem Execute

Private key in PEM format (all key types)
pulumiAccessToken Execute

Pulumi access token
pusherAppSecret Execute

Pusher app secret
puttyPrivateKey Execute

PuTTY private key file
pypiApiToken Execute

PyPI API token
railwayApiToken Execute

Railway API token
razorpayApiKey Execute

Razorpay API key
readmeApiToken Execute

Readme API token
redisAuthPassword Execute

Redis AUTH password command
redisConnectionString Execute

Redis connection string with credentials (incl. rediss:// TLS)
renderToken Execute

Render API token
replicateApiToken Execute

Replicate API token
resendApiKey Execute

Resend email API key
rollbarAccessToken Execute

Rollbar access token
rsaPrivateKey Execute

RSA private key
rubygemsApiToken Execute

RubyGems API token
scalingoApiToken Execute

Scalingo API token
sendbirdAccessToken Execute

Sendbird access token
sendgridApiKey Execute

SendGrid API key
sendinblueApiToken Execute

Sendinblue (Brevo) API token
sentryAuthToken Execute

Sentry authentication token
sentryOrgToken Execute

Sentry organization token
sentryUserToken Execute

Sentry user token
sessionIds Execute

Session IDs / Cookies
settlemintApplicationAccessToken Execute

SettleMint application access token
settlemintPersonalAccessToken Execute

SettleMint personal access token
settlemintServiceAccessToken Execute

SettleMint service access token
shippoApiToken Execute

Shippo API token
shopifyAccessToken Execute

Shopify access token
shopifyPrivateAppPassword Execute

Shopify private app password
shopifyStorefrontAccessToken Execute

Shopify storefront API access token
shopifyWebhookToken Execute

Shopify webhook token
slackAppToken Execute

Slack app-level token
slackBotToken Execute

Slack bot token
slackConfigAccessToken Execute

Slack configuration access token
slackRefreshToken Execute

Slack refresh token
slackUserToken Execute

Slack user token
slackWebhookUrl Execute

Slack incoming webhook URL
slackWebhookUrlClassic Execute

Slack classic incoming webhook URL
slackWorkspaceToken Execute

Slack workspace token
snykApiToken Execute

Snyk API token
sonarqubeToken Execute

SonarQube/SonarCloud token
sourcegraphApiKey Execute

Sourcegraph API key
splunkApiToken Execute

Splunk HEC token
squareAccessToken Execute

Square access token (all formats)
squareApplicationId Execute

Square application ID
squareOauthSecret Execute

Square OAuth secret
sshPrivateKeyEncrypted Execute

SSH private key (SSH2 encrypted format)
stabilityApiKey Execute

Stability AI API key
stackhawkApiKey Execute

StackHawk API key
streamApiSecret Execute

Stream (GetStream.io) API secret
stripePublishableKey Execute

Stripe publishable key (can indicate key pair presence)
stripeSecretKey Execute

Stripe secret key - live and test (sk_*, rk_*)
stripeWebhookSecret Execute

Stripe webhook signing secret
sumoLogicAccessId Execute

SumoLogic access ID
supabaseJwtKey Execute

Supabase anon or service_role key (JWT format)
supabaseServiceKey Execute

Supabase service role key
supertokensApiKey Execute

SuperTokens API key
tavilyApiKey Execute

Tavily API key
telegramBotToken Execute

Telegram bot token
terraformCloudToken Execute

Terraform Cloud API token
tiktokApiToken Execute

TikTok API token
timescaledbConnectionString Execute

TimescaleDB connection string with credentials
togetherApiKey Execute

Together AI API key
travisciAccessToken Execute

Travis CI access token
trelloApiKey Execute

Trello API key
triggerDevApiKey Execute

Trigger.dev API key
tursoDatabaseToken Execute

Turso database auth token
twilioAccountSid Execute

Twilio account SID
twilioApiKey Execute

Twilio API key
twitterBearerToken Execute

Twitter/X Bearer token
typeformToken Execute

Typeform API token
unstructuredApiKey Execute

Unstructured.io API key
upstashKafkaCredentials Execute

Upstash Kafka REST credentials
upstashRedisToken Execute

Upstash Redis REST token
vaultBatchToken Execute

HashiCorp Vault batch token
vaultPeriodicToken Execute

HashiCorp Vault periodic token
vaultServiceToken Execute

HashiCorp Vault service token
vercelOidcToken Execute

Vercel OIDC token
vercelToken Execute

Vercel API token (new prefixed formats: vcp/vci/vca/vcr/vck)
vonageApiSecret Execute

Vonage/Nexmo API secret
voyageApiKey Execute

Voyage AI API key
wandbApiKey Execute

Weights & Biases API key
woocommerceConsumerKey Execute

WooCommerce consumer key
woocommerceConsumerSecret Execute

WooCommerce consumer secret
xaiApiKey Execute

xAI (Grok) API key
youtubeApiKey Execute

YouTube Data API key
zendeskSecretKey Execute

Zendesk secret key

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Octocode MCP - AI Context Platform

Tools at high risk

Attacks that target this class

More on Octocode MCP - AI Context Platform

Let agents act without letting them run wild.