High-risk tools in AndroidTVMCP
10 of the 17 tools in AndroidTVMCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
atv_cast_stopExecuteStop casting on a Chromecast/Android TV device. No pairing required.
-
atv_launch_appExecuteLaunch an application on Android TV. Requires pairing first (use atv_start_pairing). Provide either app_id or app_name.
-
atv_navigateExecuteNavigate Android TV interface. Requires pairing first (use atv_start_pairing).
-
atv_start_pairingExecuteStart pairing process with an Android TV device
-
atv_cast_urlExecuteCast a Canvas surface to a Chromecast/Android TV device. No pairing required. Use canvas_server_url and surface_id from the canvas_create or canvas_show result.
-
atv_playbackExecuteControl media playback on Android TV. Requires pairing first (use atv_start_pairing).
-
atv_powerExecuteControl power state of Android TV. Requires pairing first (use atv_start_pairing).
-
atv_volumeExecuteControl volume on Android TV. Requires pairing first (use atv_start_pairing).
-
atv_complete_pairingExecuteComplete pairing process with PIN code
-
atv_input_textExecuteSend text input to Android TV. Requires pairing first (use atv_start_pairing).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.