High-risk tools in DevToolkit MCP Server
3 of the 32 tools in DevToolkit MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
http_requestExecuteMake an HTTP request. Supports GET, POST, PUT, PATCH, DELETE with custom headers and body.
-
run_backgroundExecuteStart a long-running process (dev servers, watchers) in the background. Captures output for a few seconds then detaches — process keeps running. Returns PID + initial output. Us...
-
run_commandExecuteExecute a shell command safely. Validated against an allowlist of safe tools.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.