High-risk tools in Nubra MCP Server
12 of the 78 tools in Nubra MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
begin_auth_flowExecuteStart the standard authentication flow for the selected environment. Then ask for OTP, call verify_otp, ask for MPIN, and call verify_mpin.
-
open_backtest_uiExecuteLaunch the desktop backtest UI. It reuses the current Nubra MCP auth state and runs NubraOSS-style strategy backtests using Nubra historical data only.
-
open_nubracollector_uiExecuteLaunch the NubraCollector desktop UI for live websocket collection and export workflows. If the current Nubra MCP session is valid, the UI reuses it automatically; otherwise the...
-
place_uat_named_option_strategyExecutePlace a named options strategy through Nubra UAT only. PROD trading is strictly blocked.
-
run_backtestExecuteRun a backtest. Required inputs: symbol, timeframe, strategy_type. Supported strategy_type values are ma_crossover and rsi. Optional strategy_params examples: {'fast_window': 20...
-
run_ma_crossover_backtestExecuteRun a moving-average crossover backtest. Required inputs: symbol and timeframe. Optional inputs: start_date, end_date, fast_window, slow_window, initial_cash, fees.
-
run_rsi_backtestExecuteRun an RSI-based backtest. Required inputs: symbol and timeframe. Optional inputs: start_date, end_date, rsi_window, oversold, overbought, initial_cash, fees.
-
run_strategy_backtestExecuteRun a NubraOSS-style rule-based strategy backtest using the current Nubra login/session and Nubra historical data only.
-
scan_watchlistExecuteRun a reusable watchlist scan such as volume_spike, volume_breakout, rsi_threshold, ema_crossover, oi_wall, or return_rank.
-
switch_environment_and_send_otpExecuteRecommended environment-switch entrypoint. Switch the Nubra environment, immediately clear the current session, and send an OTP for the target environment.
-
verify_otpExecuteVerify the OTP for the current environment. If successful, ask for MPIN and call verify_mpin next.
-
verify_otp_with_saved_mpinExecuteRecommended fast login completion when MPIN is already configured. Verify OTP and then reuse the configured MPIN for the current environment.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.