High-risk tools in ROS MCP

High severity ROS MCP MCP Server 11 of 24 tools

11 of the 24 tools in ROS MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

launch_gazebo Execute

Launch Gazebo simulation environment via WebSocket server.
launch_rqt_graph Execute

Launch rqt_graph GUI tool via WebSocket server.
launch_rviz Execute

Launch RViz2 GUI tool via WebSocket server.
launch_turtlebot3_empty_world Execute

Launch TurtleBot3 in empty world in Gazebo via WebSocket server.
launch_turtlebot3_world Execute

Launch TurtleBot3 world in Gazebo via WebSocket server.
launch_turtlesim Execute

Launch turtlesim GUI application via WebSocket server.
run_ros2_doctor Execute

Runs ros2 doctor to check ROS 2 environment setup and issues.
run_ros2_executable Execute

Runs a ROS 2 executable from a specified package.
call_ros2_service Execute

call_ros2_service
publish_ros2_topic Execute

publish_ros2_topic
send_ros2_action_goal Execute

send_ros2_action_goal

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in ROS MCP

Tools at high risk

Attacks that target this class

More on ROS MCP

Enforce policy on every ROS MCP tool call.