High-risk tools in Pipecat MCP Server
4 of the 7 tools in Pipecat MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- screen_capture (Execute): Start or switch screen capture to a window or full screen. Captures are streamed through the Pipecat pipeline. Use list_windows() to find available window IDs. Arg...
- speak (Execute): Speak the given text to the user using text-to-speech. Returns true if the agent spoke the text, false otherwise.
- start (Execute): Start a new Pipecat Voice Agent. Once the voice agent has started you can continuously use the listen() and speak() tools to talk to the user. Returns true if the ...
- stop (Execute): Stop the voice pipeline and clean up resources. Call this when the voice conversation is complete to gracefully shut down the voice agent. Returns true if the agen...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.