High-risk tools in Mythic MCP

High severity Mythic MCP MCP Server 3 of 6 tools

3 of the 6 tools in Mythic MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

execute_mimikatz Execute

Runs the hacker tool mimikatz with the provided arguments, returing Mimikatz output.
run_as_user Execute

Attempt to authenticate as another user (network calls only) for the current session.
run_shell_command Execute

Execute a shell script command line against a running agent. This script is executed using the default command line interpreter.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Mythic MCP

Tools at high risk

Attacks that target this class

More on Mythic MCP

Enforce policy on every Mythic MCP tool call.