High-risk tools in Sysprobe
16 of the 59 tools in Sysprobe are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
bluetooth_connectExecute[ACTION] Connect to a paired Bluetooth device by MAC.
-
bluetooth_powerExecute[ACTION] Turn the Bluetooth adapter on or off.
-
control_serviceExecute[ACTION] start/stop/restart/reload/enable/disable a systemd unit.
-
kde_notifyExecuteSend a desktop notification (notify-send). Harmless, ungated.
-
kill_processExecute[ACTION] Send a signal to a PID (default SIGTERM). Gated.
-
kwin_reconfigureExecute[ACTION] Tell KWin to reload its configuration.
-
launch_appExecute[ACTION] Launch an app: a .desktop id, or a binary on PATH.
-
lock_sessionExecute[ACTION] Lock the screen.
-
media_controlExecute[ACTION] Control playback: play/pause/play-pause/next/previous/stop.
-
open_pathExecute[ACTION] Open a file/folder/URL with the default handler (xdg-open).
-
set_brightnessExecute[ACTION] Set display brightness to a percentage (1–100).
-
set_cpu_governorExecute[ACTION] Set the CPU governor on all cores (e.g. performance, powersave).
-
set_global_themeExecute[ACTION] Apply a KDE global theme / look-and-feel package.
-
set_power_profileExecute[ACTION] Set power profile: performance / balanced / power-saver.
-
set_volumeExecute[ACTION] Set default sink volume to a percentage (0–150).
-
suspend_systemExecute[ACTION] Suspend (sleep) the system.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.