High-risk tools in Claude Concilium
4 of the 5 tools in Claude Concilium are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer: each of these tools forwards whatever prompt, file or diff it is handed to an external model provider (OpenAI, Google or Alibaba Qwen), so the MCP transport is the one point where that outbound content can be inspected, allowlisted or blocked before it leaves the host. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- openai_chat (Execute): Send a prompt to OpenAI via Codex exec. Non-interactive, fast startup (no MCP servers loaded), 180s default timeout. Returns clear error on quota limits. For code review, use op...
- gemini_analyze (Execute): Deep analysis with Gemini — sends a large context (up to 1M tokens). Use for analyzing entire files, large diffs, or complex codebases. Longer timeout (3 min).
- gemini_chat (Execute): Send a prompt to Gemini via gemini-cli. Free tier: 1000 req/day. Uses Google account auth (no API key). Good for code review, architecture questions, analysis. 1M token context ...
- qwen_chat (Execute): Send a prompt to Qwen via qwen CLI. Prompt sent via stdin (safe for any content). Models: qwen-turbo (fast, default), qwen-plus (deep analysis, code review), qwen-long (large co...
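To make the transport-layer control point concrete, here is an added example (not PolicyLayer's code and not the Concilium server's own; the policy structure, the secret patterns and the sample traffic are constructed assumptions) of a filter that sits between an MCP client and the server, parses each JSON-RPC `tools/call` request, denies the four tools named above unless they are explicitly allowlisted, and refuses to forward an allowed call whose arguments carry credential-looking content:

```python
"""Hypothetical transport-layer policy check for MCP tools/call requests."""
import json
import re
from dataclasses import dataclass
from typing import Optional

# The four tools this page classifies as high risk. Each one forwards the
# prompt (and any file or diff content in it) to an external model provider.
HIGH_RISK_TOOLS = frozenset({"openai_chat", "gemini_analyze", "gemini_chat", "qwen_chat"})

# Constructed patterns (an assumption, not a PolicyLayer rule set) for material
# that should never be sent to a third-party model inside a prompt.
SECRET_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}"),
}


@dataclass
class Policy:
    """Default-deny for high-risk tools; allowlisted calls are still scanned."""
    allow: frozenset = frozenset()
    scan_secrets: bool = True


@dataclass
class Decision:
    allowed: bool
    reason: str
    tool: Optional[str] = None


def evaluate(raw_message: str, policy: Policy) -> Decision:
    """Decide whether one client-to-server JSON-RPC message may be forwarded."""
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return Decision(False, "malformed JSON-RPC message")
    if not isinstance(msg, dict):
        return Decision(False, "unsupported message shape")
    if msg.get("method") != "tools/call":
        # initialize, tools/list, responses, notifications: not a tool invocation.
        return Decision(True, "not a tools/call request")
    params = msg.get("params")
    if not isinstance(params, dict):
        return Decision(False, "tools/call params must be an object")
    tool = params.get("name")
    if not isinstance(tool, str):
        return Decision(False, "tools/call without a tool name")
    if tool in HIGH_RISK_TOOLS and tool not in policy.allow:
        return Decision(False, f"{tool} is high risk and not allowlisted", tool)
    if policy.scan_secrets:
        # Scan every argument, not just 'prompt': the tools take content through
        # different parameter names and the secret may sit inside a pasted diff.
        blob = json.dumps(params.get("arguments", {}), ensure_ascii=False)
        for label, pattern in SECRET_PATTERNS.items():
            if pattern.search(blob):
                return Decision(False, f"{tool} arguments contain {label}", tool)
    return Decision(True, "allowed", tool)


# Constructed sample traffic from a client talking to the Concilium server.
SAMPLE_MESSAGES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/list"}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"openai_chat",'
    '"arguments":{"prompt":"Review this function for off-by-one errors."}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"gemini_analyze",'
    '"arguments":{"prompt":"Explain this config","content":"aws_key=AKIAABCDEFGHIJKLMNOP"}}}',
]


def run_samples(policy: Policy) -> list:
    """Return (tool, allowed, reason) for each constructed sample message."""
    return [(d.tool, d.allowed, d.reason) for d in (evaluate(m, policy) for m in SAMPLE_MESSAGES)]


if __name__ == "__main__":
    for row in run_samples(Policy(allow=frozenset({"gemini_analyze"}))):
        print(row)
```

With `gemini_analyze` allowlisted and nothing else, the sample run lets `tools/list` through, blocks `openai_chat` as a non-allowlisted high-risk tool, and blocks the `gemini_analyze` call because its `content` argument carries an AWS access key ID. The secret scan is deliberately a second gate after the allowlist: allowlisting a tool says the provider is acceptable, not that every payload is.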
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.