High-risk tools in MCP Remote Access
13 of the 26 tools in MCP Remote Access are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
serial_esp32_connectExecuteConnect to ESP32 with automatic reset and boot wait. Handles the ESP32 boot sequence (74880 baud boot messages, then app at 115200). Resets the device and waits for it to be ready.
-
serial_expectExecuteWait for patterns and optionally send responses. Useful for login prompts and AT flows.
-
serial_flushExecuteFlush serial buffers (clear pending input/output data).
-
serial_reset_deviceExecuteReset an embedded device using DTR/RTS sequence. Supports ESP32, STM32, and generic reset.
-
serial_sendExecuteSend data to a serial port. Optionally wait for and return response.
-
serial_send_breakExecuteSend a serial break signal. Used to interrupt U-Boot, enter debug modes.
-
serial_send_bytesExecuteSend raw binary bytes to a serial port (no UTF-8 encoding, no line
-
serial_set_dtrExecuteSet DTR (Data Terminal Ready) line state. Used for device reset on many boards.
-
serial_set_rtsExecuteSet RTS (Request To Send) line state. Used for bootloader entry on ESP32/STM32.
-
serial_wait_forExecuteWait for a specific string/pattern in serial output. Useful for boot messages, prompts.
-
ssh_connectExecuteConnect to a remote host via SSH. Returns a connection ID for subsequent commands.
-
ssh_executeExecuteExecute a command on a connected SSH host. Returns stdout, stderr, and exit code.
-
ssh_execute_backgroundExecuteExecute a long-running command in the background. Returns a task ID and output file path. Use ssh_check_background to monitor progress.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.