High-risk tools in Qontinui MCP Server
13 of the 64 tools in Qontinui MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
awas_executeExecuteExecute an AWAS action on a website. The manifest must be discovered first using awas_discover. This tool makes the HTTP request defined by the action and returns the response.
-
capture_multi_state_gui_configExecuteCapture a complete multi-state GUI automation config in one call.
-
check_page_specExecuteRun B-style spec verification against the live UI. Loads the page
-
ensure_config_loadedExecuteEnsure a specific config file is loaded. Loads it if not already loaded, skips if already loaded.
-
execute_planExecuteExecute a structured implementation plan with sequential AI phases. Each phase runs as a separate AI session with full context from prior phases.
-
execute_pythonExecuteExecute inline Python code. Returns stdout, stderr, and optional return value. Use this for quick data analysis, custom verification logic, or any Python scripting needs.
-
execute_state_transitionExecuteExecute a specific transition by ID in the loaded state machine.
-
execute_testExecuteExecute a verification test by ID. Returns execution result including pass/fail status, output, assertions, and screenshots.
-
generate_workflowExecuteGenerate a UnifiedWorkflow from a natural language description using AI.
-
navigate_to_statesExecuteNavigate to target states using pathfinding.
-
run_workflowExecuteRun a workflow by name from the currently loaded configuration.
-
spawn_sub_agentExecuteSpawn a sub-agent with a specific task and optionally scoped tools. The sub-agent runs autonomously and returns when complete. Use this for complex tasks that benefit from hiera...
-
stop_executionExecuteStop the currently running workflow execution.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.