High-risk tools in Virtualbox MCP Server
15 of the 46 tools in Virtualbox MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
atomic_transaction_execExecuteExecutes a command with auto-snapshot safety. Reverts on failure if rollback_on_fail is true.
-
cancel_operationExecuteCancels a running operation.
-
configure_shellExecuteConfigure shell environment in the VM
-
create_dev_vmExecuteCreate and configure a development VM with Vagrant (advanced)
-
create_vmExecuteCreate a new Vagrant VM
-
ensure_dev_vmExecuteEnsure development VM is running, create if it doesn
-
exec_commandExecuteExecute a shell command inside a VM
-
exec_with_syncExecuteExecute a command in the VM with file synchronization before and after
-
install_dev_toolsExecuteInstall specific development tools in the VM
-
kill_processExecuteSends a signal (SIGTERM/SIGKILL) to a specific process in the VM. Required to stop runaway tasks or stuck servers.
-
run_background_taskExecuteRun a command in the VM as a background task
-
set_display_modeExecuteControls Headless vs GUI state of a VM.
-
setup_dev_environmentExecuteInstall language runtimes, tools, and dependencies in the VM
-
start_downloadExecuteStarts a tracked file download operation. Returns an operation_id that MUST be used with
-
wait_for_operationExecuteBlocks execution until an operation completes OR times out. CRITICAL: Use this after starting any long-running task.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.