High-risk tools in Node Js Sandbox MCP Server
5 of the 7 tools in Node Js Sandbox MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- run_js (Execute): Install npm dependencies and run JavaScript code inside a running sandbox container. After running, you must manually stop the sandbox to free resources. The code must be va...
- run_js_ephemeral (Execute): Run a JavaScript snippet in a temporary disposable container with optional npm dependencies, then automatically clean up. The code must be valid ESModules (import/export synt...
- sandbox_exec (Execute): Execute one or more shell commands inside a running sandbox container. Requires a sandbox initialized beforehand.
- sandbox_initialize (Execute): Start a new isolated Docker container running Node.js. Used to set up a sandbox session for multiple commands and scripts.
- sandbox_stop (Execute): Terminate and remove a running sandbox container. Should be called after finishing work in a sandbox initialized with sandbox_initialize.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.