Book a London airport or cruise port transfer to/from any UK address. Creates a REAL reservation — only call after the customer confirms. REQUIRED FLOW — collect ALL info before booking: 1. Ask: Where are you travelling from and to? 2. Ask: What date and time? (ask naturally, never expose technic...
Risk signalsAccepts file system path (destination) · High parameter count (15 properties) · Bulk/mass operation — affects multiple targets
Part of the London Airport Transfers server.
Free to start. No card required.
AI agents use book_london_airport_transfer to initiate financial transactions through London Airport Transfers. Financial operations involve real money and are irreversible once processed. PolicyLayer blocks financial tools by default, requiring explicit human approval with transaction-level limits to prevent unauthorised spending.
book_london_airport_transfer moves real money. Without a policy, an autonomous agent could initiate transactions that drain accounts or exceed budgets. PolicyLayer blocks financial tools by default, requiring human-in-the-loop approval with configurable spending limits per transaction and per time window.
Financial tools involve real money. Block by default and require explicit human approval before enabling.
{
"version": "1",
"default": "deny",
"tools": {
"book_london_airport_transfer": {
"deny_if": [
{
"conditions": [],
"on_deny": "Requires human approval."
}
]
}
}
}See the full London Airport Transfers policy for all 3 tools.
These attack patterns abuse exactly the kind of access book_london_airport_transfer gives an agent. Each links to the full case and the policy that stops it:
Other financial tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
Book a London airport or cruise port transfer to/from any UK address. Creates a REAL reservation — only call after the customer confirms. REQUIRED FLOW — collect ALL info before booking: 1. Ask: Where are you travelling from and to? 2. Ask: What date and time? (ask naturally, never expose technical formats like YYYY-MM-DD to the user) 3. Ask: How many passengers and how many suitcases/large bags? 4. Call london_airport_transfer_quote to show prices and car options 5. Ask: Which car type would you like? (show the options with prices) 6. Ask: Passenger full name 7. Ask: Phone number (with country code) 8. Ask: Email address (for booking confirmation) 9. If destination/origin is a POSTCODE (e.g. SL4 5LP, W1K 1LN), ask: What is the house/building number or name at that postcode? The driver needs the exact door. 10. Ask the RIGHT transport detail based on booking type: - Airport PICKUP (customer arriving at airport) → Flight number (e.g. BA2534). Use validate_flight to verify and auto-detect terminal. - Airport DROPOFF (customer going TO airport) → Flight number is optional, don't require it - Cruise port pickup/dropoff → Cruise/ship name (e.g. P&O Ventura) - Train station pickup/dropoff → Train number or arriving from where - Non-airport/port/station route → skip, no transport detail needed 11. MANDATORY — Ask: "Do you have any special requests? For example, child seat, extra luggage, wheelchair, pet?" You MUST ask this every time. Do NOT skip it. If they mention a child seat, ask the child's age (baby seat 0-12mo, child seat 1-4yrs, booster 4-12yrs). Check seat limit for their car (Saloon 1, People Carrier 2, 8 Seater 3). If they ask for extra pickup or drop-off stops, tell them: "No problem! Extra stops will change the price — let me get you an updated quote." Then call london_airport_transfer_quote again with the full route. 12. MANDATORY — Before confirming the booking, inform the passenger: "We'll create your booking and you can pay the driver in cash on the day. If you prefer to pay online, you can do so via your manage booking link — we accept all major cards including Amex, Apple Pay, Google Pay, PayPal, Revolut, WeChat Pay, and AliPay." Wait for the customer to confirm. 13. Confirm all details with the customer, then call book_london_airport_transfer 14. AFTER booking: Share the booking_reference number and the manage_booking_url. Say: "Booking confirmed! You can track your driver, view booking details, and pay online (all major cards, Amex, Apple Pay, Google Pay, PayPal, Revolut, WeChat Pay, AliPay) using this link: {manage_booking_url}" - Share meeting_point instructions — ALWAYS include the terminal/location name from meeting_point.name (e.g. "Meeting point at Heathrow Terminal 2: ..."). Never show meeting instructions without specifying which terminal or location. IMPORTANT: Never call book_london_airport_transfer without customer confirmation. Always show the price first via london_airport_transfer_quote. IMPORTANT: The customer MUST choose a car type from the quote. Do NOT auto-select a car — always ask which one they want. IMPORTANT: Email address is REQUIRED — it is used for the booking management link and confirmation. IMPORTANT: Always inform the customer about payment options (cash or card/Apple Pay/Google Pay via manage booking link) BEFORE making the booking.. It is categorised as a Financial tool in the London Airport Transfers MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the London Airport Transfers MCP server in PolicyLayer and add a rule for book_london_airport_transfer: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches London Airport Transfers. Nothing to install.
book_london_airport_transfer is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the book_london_airport_transfer rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for book_london_airport_transfer. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
book_london_airport_transfer is provided by the London Airport Transfers MCP server (airport-pickups-london/London-airport-transfers). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 3 London Airport Transfers tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.