High-risk tools in Vault MCP
2 of the 5 tools in Vault MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
vault_api_requestExecuteMake an API request with stored credentials. The API key is injected into headers automatically — the bot never sees it.
-
vault_loginExecuteLog into a website using stored credentials. The bot never sees the password — Vault fills the login form via Chrome DevTools Protocol.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.