// MCP TOOL REFERENCE
Critical Risk

withdraw_cdp

Withdraw collateral from a CDP — builds an unsigned transaction (CBOR hex) for client-side signing

Part of the Indigo MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.

@indigoprotocol/indigo-mcp Financial Risk 5/5
// WHEN AI AGENTS USE THIS TOOL

AI agents use withdraw_cdp to initiate financial transactions through Indigo. Financial operations involve real money and are irreversible once processed. Intercept blocks financial tools by default, requiring explicit human approval with transaction-level limits to prevent unauthorised spending.

// WHY ENFORCE A POLICY ON WITHDRAW_CDP

withdraw_cdp moves real money. Without a policy, an autonomous agent could initiate transactions that drain accounts or exceed budgets. Intercept blocks financial tools by default, requiring human-in-the-loop approval with configurable spending limits per transaction and per time window.

// RECOMMENDED POLICY

Financial tools involve real money. Block by default and require explicit human approval before enabling.

io-github-indigoprotocol-indigo-mcp.yaml 
tools:
  withdraw_cdp:
    rules:
      - action: deny
        reason: "Requires human approval"

See the full Indigo policy for all 59 tools.

// DETAILS
Tool Name withdraw_cdp
Category Financial
MCP Server Indigo MCP Server
Risk Level Critical
// MORE INDIGO TOOLS
Financial deposit_cdp Destructive adjust_staking_position Destructive annul_sp_request Destructive cancel_rob Write adjust_rob Write close_cdp Write close_sp_account Write close_staking_position

View all 59 tools →

// RELATED READING
// FAQ
What does the withdraw_cdp tool do? +

Withdraw collateral from a CDP — builds an unsigned transaction (CBOR hex) for client-side signing. It is categorised as a Financial tool in the Indigo MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on withdraw_cdp? +

Add a rule in your Intercept YAML policy under the tools section for withdraw_cdp. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Indigo MCP server.

What risk level is withdraw_cdp? +

withdraw_cdp is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit withdraw_cdp? +

Yes. Add a rate_limit block to the withdraw_cdp rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block withdraw_cdp completely? +

Set action: deny in the Intercept policy for withdraw_cdp. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides withdraw_cdp? +

withdraw_cdp is provided by the Indigo MCP server (@indigoprotocol/indigo-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policies on Indigo

Open source. One binary. Zero dependencies.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.