High-risk tools in It2mcp
18 of the 40 tools in It2mcp are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
app_activateExecuteActivate iTerm2 (bring to front).
-
batchExecutebatch
-
broadcast_onExecuteEnable input broadcasting to all sessions in the current tab.
-
session_clearExecuteClear the screen of an iTerm2 session (sends Ctrl+L).
-
session_focusExecuteFocus (activate) a specific iTerm2 session.
-
session_restartExecuteRestart an iTerm2 session.
-
session_runExecuteExecute a command in an iTerm2 session (sends text + Enter).
-
session_sendExecuteSend text to an iTerm2 session without pressing Enter.
-
session_splitExecuteSplit an iTerm2 session into a new pane.
-
tab_moveExecuteMove a tab to its own new window.
-
tab_newExecuteCreate a new tab in an iTerm2 window.
-
tab_nextExecuteSwitch to the next tab in the current window.
-
tab_prevExecuteSwitch to the previous tab in the current window.
-
tab_selectExecuteSelect a tab by its ID or numeric index.
-
window_arrange_restoreExecuteRestore a saved window arrangement.
-
window_focusExecuteFocus (activate) a specific iTerm2 window.
-
window_newExecuteCreate a new iTerm2 window.
-
window_resizeExecuteResize an iTerm2 window.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.