High-risk tools in ML Lab MCP
16 of the 62 tools in ML Lab MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
codex_debug_trainingExecuteHave Codex debug training issues from logs
-
codex_fix_codeExecuteHave Codex fix issues in training or evaluation code
-
codex_generate_training_scriptExecuteHave Codex generate a training script from experiment config
-
codex_optimize_configExecuteHave Codex optimize training configuration for quality/speed/memory
-
codex_runExecuteRun an arbitrary task with Codex (for advanced use)
-
dataset_transformExecuteTransform a dataset with a template
-
ollama_chatExecuteSend a chat message to an Ollama model
-
ollama_deployExecuteDeploy a GGUF model to Ollama
-
ollama_pullExecutePull a model from the Ollama registry
-
owui_chatExecuteChat through Open WebUI (uses model config + knowledge)
-
thinking_analyzeExecuteRun deep analysis using Ollama reasoning models (DeepSeek R1, QwQ). Analyzes training, experiments, activity, cost, or datasets.
-
thinking_scheduleExecuteSchedule automated deep analysis runs
-
train_launchExecuteLaunch a training run (optionally using Codex for script generation)
-
train_stopExecuteStop a training run
-
vps_runExecuteRun a command on a VPS
-
vps_setupExecuteSet up training environment on a VPS (installs dependencies)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.