High-risk tools in Ros2 Medkit
10 of the 84 tools in Ros2 Medkit are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
ros2_medkit_cancel_executionExecuteCancel a specific execution by its ID. Use ros2_medkit_list_executions to find the execution_id.
-
ros2_medkit_execute_scriptExecuteExecute a script on an entity. Returns execution ID.
-
ros2_medkit_execute_updateExecuteExecute a prepared software update. WARNING: This triggers actual software installation on the target system. Ensure the update has been prepared successfully first.
-
ros2_medkit_control_script_executionExecuteControl a running script execution (stop, pause, etc.).
-
ros2_medkit_acquire_lockExecuteAcquire an exclusive lock on an entity for safe modifications. Required field in lock_config:
-
ros2_medkit_automate_updateExecuteRun automated update workflow (prepare + execute). WARNING: This triggers actual software installation on the target system. Use with caution.
-
ros2_medkit_create_executionExecuteStart an execution for an operation (service call or action goal). For services, returns result directly. For actions, returns execution_id to track progress.
-
ros2_medkit_prepare_updateExecutePrepare an update for execution (download, verify, stage).
-
ros2_medkit_publish_topicExecutePublish data to an entity
-
ros2_medkit_update_executionExecuteUpdate an execution (e.g., stop capability). Use to control running actions.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.