High-risk tools in Sentinel MCP Server
9 of the 10 tools in Sentinel MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
run_api_fuzzingExecuteRun API Fuzzing using Schemathesis.
-
run_cis_compliance_scanExecuteRun CIS Benchmark scan using Trivy.
-
run_crypto_scanExecuteRun SSL/TLS Compliance Scan (testssl.sh).
-
run_dast_scanExecuteRun DAST scan using OWASP ZAP.
-
run_malware_scanExecuteRun Malware scan using ClamAV.
-
run_sast_scanExecuteRun SAST scan using Semgrep.
-
run_sca_scanExecuteRun SCA scan using Trivy and Grype (Unified).
-
run_secret_scanExecuteRun Secret scan using Gitleaks.
-
run_threat_modelingExecuteGenerate a STRIDE Threat Model (AI-Powered) based on code context.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.