// TOOL REFERENCE
FINANCIAL MCP TOOLS
Tools that initiate financial transactions. Critical risk -- require human approval.
Severity: Critical
// ATTACKS TARGETING FINANCIAL TOOLS
Real-world attack patterns documented against financial-class MCP tools. Each links to the full case and the defensive policy.
identity_transfer: Transfer an agent identity NFT to a new owner in the ERC-8004 identity registry. This clears the agent wallet association — run identity_set_wallet...
jingswap_deposit_sbtc: Deposit sBTC into the current Jingswap auction cycle. Only works during the deposit phase. Amount is in satoshis (e.g. 1000 for 1000 sats). Works t...
jingswap_deposit_stx: Deposit the token-B side (STX or USDCx depending on market) into the current Jingswap auction cycle. Only works during the deposit phase. Amount is...
ordinals_p2p_transfer: Record a completed inscription transfer on the trade ledger. Marks a trade as closed by recording the on-chain (or off-chain sBTC) transfer. The a...
pillar_direct_withdraw_collateral: Withdraw sBTC collateral from Zest on the Pillar smart wallet. Agent-signed, no browser needed. Backend sponsors gas.
sbtc_deposit: Deposit BTC to receive sBTC on Stacks L2. This builds, signs, and broadcasts a Bitcoin transaction to the sBTC deposit address. After confirmation...
sbtc_transfer: Transfer sBTC tokens to a recipient address. sBTC uses 8 decimals (same as Bitcoin). Example: To send 0.001 sBTC, use amount "100000" (satoshis).
sbtc_withdraw: Alias for sbtc_initiate_withdrawal. Initiates an sBTC peg-out request to BTC L1.
styx_deposit: Full headless BTC→sBTC deposit via the Styx protocol. Flow: reserve pool liquidity → build PSBT locally → sign with wallet keys → broadcast to memp...
transfer_btc: Transfer BTC to a recipient address. Builds, signs, and broadcasts a Bitcoin transaction. Requires an unlocked wallet with BTC balance. By default,...
transfer_nft: Transfer an NFT (SIP-009) to a recipient address.
transfer_rune: Transfer runes to a recipient address using Runestone OP_RETURN encoding. Builds a Bitcoin transaction with a Runestone, sends runes to the recipi...
transfer_stx: Transfer STX tokens to a recipient address. Signs and broadcasts the transaction. Example: To send 2 STX, use amount "2000000" (micro-STX). 1 STX ...
transfer_token: Transfer any SIP-010 token to a recipient address. Supports well-known tokens by symbol: sBTC, USDCx, ALEX, DIKO. Or use the full contract ID.
zest_withdraw: Withdraw assets from Zest Protocol v2. Removes collateral and redeems for underlying assets in one atomic operation. You can use the asset symbol ...
hiveagent_dao_deposit: Deposit to DAO treasury.
hiveagent_defi_yield_deposit: Deposit tokens into a yield farming pool. Earn APY automatically. HiveAgent takes 10% of yield earned.
hiveagent_nft_transfer: Transfer NFT.
hiveagent_privacy_deposit: Deposit funds into your shielded account. Public balance → private balance. 1% privacy fee.
hiveagent_privacy_transfer: Private transfer between shielded accounts. No on-chain trace. Only sender and receiver know.
hiveagent_privacy_withdraw: Withdraw from shielded account back to public. Private → public. 1% fee.
deposit_trx: Deposit TRX to your Merx account. Requires MERX_API_KEY + TRON_PRIVATE_KEY.
enable_auto_deposit: Configure automatic top-up when balance drops below a threshold. Session-only.
pay_invoice: Pay an x402 invoice by sending TRX and verifying payment.
transfer_trc20: Transfer TRC-20 tokens with automatic energy optimization. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
transfer_trx: Send TRX to an address. Checks bandwidth, buys via Merx if needed. Signs and broadcasts on-chain. Requires TRON_PRIVATE_KEY.
withdraw: Withdraw TRX or USDT from your Merx account to an external TRON address. Requires MERX_API_KEY.
build_deposit_tx: Build the transaction steps required to deposit tokens into an ATV vault. Returns an ordered array of transactions (approve then deposit) that must...
build_queue_withdraw_tx: Build the transaction step to initiate a queued (delayed) withdrawal from an ATV vault. The withdrawal is not instant — it must be redeemed later o...
build_redeem_withdraw_tx: Build the transaction step to claim (redeem) a completed queued withdrawal from an ATV vault.
build_unqueue_withdraw_tx: Build the transaction step to cancel a pending queued withdrawal request from an ATV vault.
build_withdraw_tx: Build the transaction steps required to withdraw vault shares from an ATV vault and receive an output token.
cancel_transfer: Cancel a transfer (only possible if not yet completed)
create_transfer: Create a new transfer. Requires a quote ID and recipient account ID. The customerTransactionId ensures idempotency — reuse the same value when retr...
fund_transfer: Fund a transfer from your Wise balance. NOTE: This may NOT work with personal tokens in EU/UK due to PSD2 regulations.
transfer_native: Transfer native COTI tokens to another wallet. This is used for sending COTI tokens from your wallet to another address. Requires private key, reci...
transfer_private_erc20: Transfer private ERC20 tokens on the COTI blockchain. This is used for sending private tokens from your wallet to another address. Requires token c...
transfer_private_erc721: Transfer a private ERC721 NFT token on the COTI blockchain. This is used for sending a private NFT from your wallet to another address. Requires to...
depositForYield: Deposit tokens into a DeFi yield strategy to earn passive income. Requires a strategy ID from discoverYieldStrategies. Creates a tracked position t...
transferTokens: Transfer tokens from your wallet (Agent Wallet or Smart Account) to any address. Supports EVM chains (native ETH/MATIC and ERC-20 tokens like USDC,...
withdrawFromYield: Withdraw tokens from a DeFi yield position. Works with any yield position, even those not deposited through this wallet. No position tracking requi...
moltrust_claim_deposit: Claim MolTrust credits from a USDC deposit on Base. After sending USDC to the MolTrust wallet on Base (L2), submit the transaction hash to...
moltrust_deposit_history: Get USDC deposit history for an agent. Args: did: The agent's DID
moltrust_deposit_info: Get USDC deposit instructions to buy MolTrust credits. Returns the MolTrust wallet address on Base (Ethereum L2), USDC token contract, con...
pay_checkout: Create a virtual card AND fill the checkout form in one call. The card number is sent directly to the browser extension — you never see it. Call de...
pay_merchant_clp: Pay a Chilean merchant in CLP via bank transfer. The user will receive a Telegram link to confirm the payment in their bank app. Use this for purch...
pay_person_clp: Send a CLP bank transfer to a person in Chile. The user will approve via Telegram. Use this for paying people (e.g. household help, freelancers, sp...
book_london_airport_transfer: Book a London airport or cruise port transfer to/from any UK address. Creates a REAL reservation — only call after the customer confirms. REQUIRED...
london_airport_transfer_quote: Get London airport transfer prices between a UK airport or cruise port and any UK address or postcode. Covers all London airports (Heathrow, Gatwic...
create_deposit: Create a bank deposit. Accepts account/department/vendor names (will lookup IDs automatically). Lines represent the sources of the deposit — amount...
edit_deposit: Modify an existing deposit. Can update date, memo, deposit account, department, and/or lines. CRITICAL for line changes: The QB Deposit API does NO...
deposit_usdc: Infrastructure: Refill internal ledger. Generates transaction data to move USDC from your wallet into the Arena's internal balance. This is require...
withdraw_usdc: Profit realization. Generates transaction data to move USDC from your internal Arena balance back to your external Base wallet.
bulk_transfer_ens_names: Transfer multiple ENS names in a single transaction via Multicall3 — bulk send. Much cheaper and faster than transferring names one at a time. Sup...
transfer_ens_name: Transfer ownership of an ENS name to another wallet address. Automatically detects whether the name is wrapped (NameWrapper/ERC-1155) or unwrapped...
transfer_apt: Transfer native APT tokens to another Aptos account. This is used for sending APT tokens from your account to another address. Returns the transact...
transfer_coin: Transfer a specific coin type to another Aptos account. This is used for sending custom coins or tokens from your account to another address. Retur...
JOBLY — AGENT-TO-AGENT CONTRACT MARKETPLACE
1 All Jobly — Agent-to-Agent Contract Marketplace tools
ENFORCE POLICIES ON FINANCIAL TOOLS
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept
FREQUENTLY ASKED QUESTIONS
Tools that initiate financial transactions. Critical risk -- require human approval. There are 123 financial tools across 57 MCP servers in the PolicyLayer reference.
Financial tools should be blocked by default. Require human-in-the-loop approval with spending limits per transaction.
Aibtc, Hiveagent, MERX - TRON Resource Exchange, Atv, Twilio, and 52 more.