High-risk tools in TermPipe MCP
44 of the 119 tools in TermPipe MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
bootExecuteMid-session context refresh with integrated briefing.
-
buildExecutebuild
-
cond_clipboard_pasteExecuteTrigger Ctrl+V to paste current clipboard content into active window.
-
cond_daemon_sendExecutecond_daemon_send
-
cond_focusExecuteFocus a window by app-id or name (fuzzy match).
-
cond_keyExecuteSend a key combination. Separate keys with space or ,,.
-
cond_launchExecuteLaunch an application by name (uses cond app database, fuzzy match).
-
cond_mouse_clickExecuteClick a mouse button.
-
cond_mouse_moveExecuteMove the mouse cursor.
-
cond_move_windowExecuteMove a window. x/y can be pixels or 0.0-1.0 percentage of screen.
-
cond_ocrExecuteCapture active window, run AI OCR (qwen-vl via iflow), copy result to clipboard.
-
cond_ocr_fileExecuteRun AI OCR on an existing image file and copy result to clipboard.
-
cond_register_hotkey_inputExecuteRegister a hotkey to execute input commands (type, key, click, etc).
-
cond_register_hotkey_scriptExecuteRegister a hotkey to execute a shell script.
-
cond_resize_windowExecuteResize a window. w/h can be pixels or 0.0-1.0 percentage.
-
cond_restore_layoutExecuteRestore a previously saved window layout.
-
cond_snapExecuteSnap active window to a screen region.
-
cond_subscribeExecutecond_subscribe
-
cond_typeExecuteType text into the active window via compositor input injection.
-
cond_verify_launchExecutecond_verify_launch
-
cond_visual_queryExecutecond_visual_query
-
debug_assistExecutedebug_assist
-
gemini_debugExecutegemini_debug
-
ifp_sendExecuteSend a prompt to local omniproxy (qwen2.5-coder-7b-instruct).
-
interact_with_processExecuteSend input to a running process (REPL, interactive shell, etc).
-
launch_appExecuteLaunch an application via normalized launch script.
-
reload_toolsExecuteHot-reload all tool modules.
-
smart_replaceExecutesmart_replace
-
start_searchExecutestart_search
-
stop_searchExecuteStop and clean up a search.
-
termf_execExecuteExecute a shell command via TermPipe (existing method, preserved).
-
termf_hsp_pipelineExecutetermf_hsp_pipeline
-
termf_live_continueExecuteExecute another command in an existing terminal session.
-
termf_live_execExecutetermf_live_exec
-
termf_nlpExecuteExecute NLP command via TermPipe. Translates natural language to CLI.
-
termf_nlp_aliasExecuteGenerate and install a shell alias/function from natural language.
-
wbind_actionExecutewbind_action
-
wbind_launch_and_focusExecuteLaunch an app and bring it to a known state.
-
workspace_askExecuteworkspace_ask
-
workspace_await_approvalExecuteworkspace_await_approval
-
workspace_await_task_approvalExecuteworkspace_await_task_approval
-
workspace_initExecuteworkspace_init
-
workspace_task_createExecuteworkspace_task_create
-
workspace_task_queryExecuteworkspace_task_query
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.