High-risk tools in PMCP

High severity PMCP MCP Server 7 of 26 tools

7 of the 26 tools in PMCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

gateway.tasks_cancel Execute

Cancel a downstream MCP task by opaque task ID.
gateway.connect_server Execute

Connect or start a known downstream MCP server by name.
gateway.invoke Execute

Invoke a tool on a downstream MCP server.
gateway.provision Execute

Provision (install and start) a specific MCP server from the manifest.
gateway.restart_server Execute

Restart a known downstream MCP server without changing persistent config.
gateway.refresh Execute

Reload backend MCP server configurations and reconnect.
gateway.request_capability Execute

Find and auto-provision the right tool for a task — describe what you need in natural language.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in PMCP

Tools at high risk

Attacks that target this class

More on PMCP

Enforce policy on every PMCP tool call.