wc_refund_create

// WHEN AI AGENTS USE THIS TOOL

AI agents use wc_refund_create to initiate financial transactions through WooCommerce Store Manager. Financial operations involve real money and are irreversible once processed. Intercept blocks financial tools by default, requiring explicit human approval with transaction-level limits to prevent unauthorised spending.

// WHY ENFORCE A POLICY ON WC_REFUND_CREATE

wc_refund_create moves real money. Without a policy, an autonomous agent could initiate transactions that drain accounts or exceed budgets. Intercept blocks financial tools by default, requiring human-in-the-loop approval with configurable spending limits per transaction and per time window.

// RECOMMENDED POLICY

Financial tools involve real money. Block by default and require explicit human approval before enabling.

hegetiby-jwao-woocommerce-mcp-hegetiby.yaml

tools:
  wc_refund_create:
    rules:
      - action: deny
        reason: "Requires human approval"

See the full WooCommerce Store Manager policy for all 47 tools.

// DETAILS

Tool Name wc_refund_create

Category Financial

MCP Server WooCommerce Store Manager MCP Server

Risk Level Critical

// MORE WOOCOMMERCE STORE MANAGER TOOLS

Destructive wc_coupon_delete Destructive wc_order_delete Destructive wc_product_delete Destructive wc_products_batch Write wc_category_create Write wc_coupon_create Write wc_customer_create Write wc_order_create

View all 47 tools →

// WHAT CAN GO WRONG

Agents calling financial-class tools like wc_refund_create have been implicated in these attack patterns. Read the full case and prevention policy for each:

Browse the full MCP Attack Database →

// OTHER FINANCIAL TOOLS ACROSS MCP SERVERS

Other tools in the Financial risk category across the catalogue. The same policy patterns (deny, require_approval) apply to each.

AbraFlexi bank_transaction_create AbraFlexi invoice_issued_create AgentPact agentpact.request_refund Wise cancel_transfer Wise create_transfer Wise fund_transfer

// IN CONTEXT OF CRITICAL RISK

wc_refund_create is one of the critical-risk operations in WooCommerce Store Manager. For the full severity-focused view — only the critical-risk tools with their recommended policies — see the breakdown for this server, or browse all critical-risk tools across every MCP server.

// RELATED READING

// FAQ

What does the wc_refund_create tool do? +

Create refund.. It is categorised as a Financial tool in the WooCommerce Store Manager MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on wc_refund_create? +

Add a rule in your Intercept YAML policy under the tools section for wc_refund_create. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the WooCommerce Store Manager MCP server.

What risk level is wc_refund_create? +

wc_refund_create is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit wc_refund_create? +

Yes. Add a rate_limit block to the wc_refund_create rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block wc_refund_create completely? +

Set action: deny in the Intercept policy for wc_refund_create. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides wc_refund_create? +

wc_refund_create is provided by the WooCommerce Store Manager MCP server (hegetiby-jwao/woocommerce-mcp-hegetiby). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policies on WooCommerce Store Manager