High-risk tools in Multi-Tool MCP Server
15 of the 61 tools in Multi-Tool MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
ansible_pingExecuteTest Ansible connectivity to hosts or groups using the ping module.
-
ansible_run_adhocExecuteRun an ad-hoc Ansible command against hosts. Supports ping, setup (facts), command, shell, and Cisco IOS modules.
-
ansible_run_playbookExecuteRun an Ansible playbook on the RHEL 10 control node. Supports --limit, --tags, --check, --diff, and extra vars.
-
jupyter_create_sessionExecuteCreate a new session for a notebook (starts a kernel attached to the notebook)
-
jupyter_execute_cellExecuteExecute a specific cell in a notebook and return the output. This runs the cell through the Jupyter session.
-
jupyter_interrupt_kernelExecuteInterrupt a running Jupyter kernel (stop current execution)
-
jupyter_restart_kernelExecuteRestart a running Jupyter kernel
-
jupyter_start_kernelExecuteStart a new Jupyter kernel
-
jupyter_stop_kernelExecuteStop/shutdown a running Jupyter kernel
-
run_commandExecuteRun a whitelisted system command. Free-form: uptime, hostname, df, free, top, ps, who, date, uname, lsblk, lscpu, lsmem, vcgencmd. Restricted to read-only subcommands: git (stat...
-
unifi_block_clientExecuteBlock a client from accessing the network
-
unifi_reconnect_clientExecuteForce a client to disconnect and reconnect to the network
-
unifi_restart_deviceExecuteRestart a UniFi device (access point, switch, etc.)
-
unifi_set_dns_filteringExecuteConfigure DNS content filtering
-
unifi_set_threat_management_modeExecuteEnable or disable Threat Management (IPS/IDS)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.