High-risk tools in Scf
5 of the 74 tools in Scf are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
scf_bulk_assess_evidenceExecuteQueue AI assessments for multiple evidence files (write — editor+ role, async, max 50). Provide evidence_id, file_ids, and/or assess_unassessed. Returns count queued.
-
scf_revalidate_evidence_fileExecuteRe-run the validation engine against an evidence file (write — editor+ role). Checks catalog existence, content type, field coverage, freshness, storage. Returns the updated res...
-
scf_trigger_evidence_assessmentExecuteQueue an AI assessment of a single evidence file (write — editor+ role, async). Returns a pending record; poll scf_get_evidence_assessment until status is sufficient/partial/ins...
-
scf_trigger_vendor_researchExecuteQueue AI security research for a vendor (write — editor+ role, async). Checks HIBP breach data, NVD vulnerabilities, and public posture. Returns a task ID; poll scf_get_vendor_r...
-
scf_trigger_window_assessmentExecuteQueue a windowed AI assessment that scores every file in the evidence item
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.