Send a message straight to the 2s team. POST { message } (required) plus optional subject, name, and from (your email — set as reply-to + shown as the sender). Delivers your message by email to the 2s maintainers — use it for feedback, bug reports, endpoint requests, or to get in touch. Flat $0.1...
AI agents use feedback.send to create or update resources in Mcp — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Mcp environment.
This tool sends feedback/messages to the 2s team via email. It creates a new message record (reversible contact communication) rather than executing external code, deleting data, or moving money. While payment is required ($0.10), the payment is incidental to the primary action of message composition/delivery, not the financial obligation itself.
From the tool's definition POST { message } plus optional subject, name, and from; Delivers your message by email to the 2s maintainers; Returns { sent, id }. The tool creates/sends a message artifact.
Attacks that exploit this kind of access
Send a message straight to the 2s team. POST { message } (required) plus optional subject, name, and from (your email — set as reply-to + shown as the sender). Delivers your message by email to the 2s maintainers — use it for feedback, bug reports, endpoint requests, or to get in touch. Flat $0.10 per send; the payment keeps the channel spam-free. One-way contact channel (recipient is fixed). Returns { sent, id }. Trial calls are not accepted — always requires payment. It is categorised as a Write tool in the Mcp MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the MCP server in PolicyLayer and add a rule for feedback.send: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Mcp. Nothing to install.
feedback.send is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the feedback.send rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for feedback.send. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
feedback.send is provided by the MCP server (@2sio/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →