High-risk tools in Universal Gas Framework MCP Server
9 of the 19 tools in Universal Gas Framework MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
ugf_authenticateExecuteComplete UGF login. Agent signs the nonce from ugf_get_nonce with its private key and passes the signature here. Returns JWT for agent to cache.
-
ugf_evm_confirm_user_txExecuteConfirm a user-broadcast destination EVM tx hash back to UGF.
-
ugf_evm_wait_sponsorshipExecuteWait until UGF sponsorship side is ready for a destination EVM tx. Agent then sends destination tx itself.
-
ugf_sol_submit_user_sigExecuteSubmit a locally-produced Solana user signature to UGF. Pair with ugf_sol_wait_user_sig_message.
-
ugf_sol_wait_user_sig_messageExecuteWait for the Solana user-sig message UGF prepared. Returns {serialized_message: base64}. Agent signs locally with its keypair via nacl.sign.detached, then calls ugf_sol_submit_u...
-
ugf_sui_execute_signed_blockExecuteBroadcast a dual-signed (user + sponsor) Sui transaction block via Sui RPC. Returns {tx_digest}.
-
ugf_sui_wait_sponsor_bytesExecuteWait for UGF to prepare Sui sponsor tx_bytes + sponsor_sig (base64). Agent signs tx_bytes locally with its Sui Ed25519 keypair, then calls ugf_sui_execute_signed_block.
-
ugf_vault_build_txExecuteBuild unsigned EIP-1559 vault payment tx for local signing + broadcast. Returns {to, data, value, chainId, gasLimit, nonce, type, maxFeePerGas, maxPriorityFeePerGas} — all BigIn...
-
ugf_x402_build_typed_dataExecuteBuild ERC-3009 x402 typed-data payload for local signing. Returns {domain, types, message, nonce, valid_after, valid_before}. Agent signs with signTypedData, then calls ugf_x402...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.