Start interactive deploy session and return sessionId. Strict protocol: if nextAction=submit_input call submit_deploy_input; if nextAction=poll call poll_deploy_session; if nextAction=done stop. Agents should continuously relay transfer progress to end users while polling. 启动可交互部署会话并返回 sessionId。...
AI agents invoke start_deploy_session to trigger actions in Remote Demo MCP. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool executes deployment operations against remote hosts, which is an external operation with significant blast radius. While not destructive per se (as rsync overwrites rather than deletes), it definitively falls under Execute because it: (1) runs automated deployment commands (rsync) on remote systems, (2) manages authentication flows including MFA/OTP, and (3) transfers and deploys static files whose effects…
From the tool's definition Tool initiates interactive deploy sessions that automate 'deployment of static directories to remote hosts using rsync' with 'support for interactive SSH authentication including MFA/OTP flows'.
Attacks that exploit this kind of access
Start interactive deploy session and return sessionId. Strict protocol: if nextAction=submit_input call submit_deploy_input; if nextAction=poll call poll_deploy_session; if nextAction=done stop. Agents should continuously relay transfer progress to end users while polling. 启动可交互部署会话并返回 sessionId。严格协议:nextAction=submit_input 则调 submit_deploy_input;nextAction=poll 则调 poll_deploy_session;nextAction=done 则结束;轮询时应持续向用户同步传输进度。. It is categorised as a Execute tool in the Remote Demo MCP MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Remote Demo MCP server in PolicyLayer and add a rule for start_deploy_session: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Remote Demo MCP. Nothing to install.
start_deploy_session is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the start_deploy_session rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for start_deploy_session. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
start_deploy_session is provided by the Remote Demo MCP server (jake-bcn/remote-demo-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →