High-risk tools in ARC Config MCP Server
8 of the 16 tools in ARC Config MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
arc_apply_configExecuteApply ARC configuration from generated config files in your repository to the Kubernetes cluster.
-
arc_deploy_runners_hybridExecuteDeploy GitHub Actions runners with configuration versioning. Generates config files in your repo, allows review, then optionally applies to cluster.
-
arc_install_controllerExecuteInstall GitHub Actions Runner Controller in Kubernetes cluster with live status updates in chat
-
arc_install_controller_hybridExecuteInstall GitHub Actions Runner Controller with configuration versioning. Generates controller config in your repo, allows review, then installs via Helm.
-
arc_manage_runnersExecuteList, scale, and manage GitHub Actions runners with real-time updates
-
arc_process_natural_languageExecuteHandle complex or ambiguous ARC-related queries that require interpretation and analysis.
-
arc_scale_runnersExecuteScale GitHub Actions runners with intelligent cost and performance recommendations.
-
deploy_github_runnersExecuteDeploy GitHub Actions runners with configurable auto-scaling. Supports setting minimum and maximum replica counts for optimal resource management.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.