High-risk tools in Flash Cast
3 of the 14 tools in Flash Cast are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
analyze_douyin_videoExecute分析抖音视频:输入分享链接,提取口播文案 + 爆款结构解析。结果存入项目。消耗 AI 算力,非订阅会员每项目上限 3 次。耗时约 35-130 秒。
-
authenticateExecute校验 API Key 或打开本机登录页。未配置 Key 时浏览器访问本机 /auth,验证码与登录由 MCP 转发到 FLASH_CAST_API_BASE(默认 https://share.skyxhome.com)。联调本机后端时设置 FLASH_CAST_API_BASE=http://localhost:8080。登录成功后自动创建并保存 AP...
-
render_videoExecute触发视频渲染(TTS + 录屏 + 混音,约 2-10 分钟)。必须先 get_render_preview 并由用户确认;user_confirmed_content 必须为 true。返回 progressUrl 与本机进度页。
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.