tak_send_cot_event

THE RISK

Medium Risk

Why tak_send_cot_event needs a policy

This tool sends (writes/creates) CoT events to TAK Server, which are tactical position reports or situational updates. While not destructive or financial, sending false or malicious CoT events could mislead tactical operations, trigger emergency responses, or disrupt coordination.

From the tool's definition Tool name 'tak_send_cot_event' and description 'Send a Cursor on Target (CoT) event to TAK Server' indicate the tool creates/transmits tactical data objects (CoT events) to a server.

Documented attack patterns abuse exactly the kind of access tak_send_cot_event gives an agent:

POLICY

How to control tak_send_cot_event

PolicyLayer is an MCP gateway — it sits between your AI agents and TAK Server MCP, and nothing reaches the server without passing your rules. This is the rule we recommend for tak_send_cot_event:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "tak_send_cot_event": {
      "limits": [
        {
          "counter": "tak_send_cot_event_rate",
          "window": "minute",
          "max": 30,
          "scope": "grant"
        }
      ]
    }
  }
}

tak_send_cot_event stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register TAK Server MCP — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More TAK Server MCP tools

Execute tak_send_emergency Send emergency/911 alerts with priority handling Write tak_create_geofence Create and manage geofenced areas with alert triggers Read tak_analyze_movement Track and analyze entity movements, patterns, and anomalies Read tak_calculate_distance Calculate distances between entities, points, or coordinates Read tak_find_nearest Find nearest entities to a point or entity Read tak_get_alerts Retrieve and manage alerts from TAK Server Read tak_get_cot_events Retrieve Cursor on Target (CoT) events from TAK Server with optional filtering Read tak_get_entities Get current TAK entities (units, markers, etc.) with optional filtering

All 11 TAK Server MCP tools →

Write tools on other servers

M-Team MCP Server download_torrent YouTube MCP Server generate_video_title Android Forensics ADB MCP Server combine_reports 0xarchive web3_signup

Go deeper

The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Argument validation → Checking tool call arguments against schema and policy before they run.
Scoped token → Per-person credentials that grant a defined subset of servers and tools.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about tak_send_cot_event

What does the tak_send_cot_event tool do? +

Send a Cursor on Target (CoT) event to TAK Server. It is categorised as a Write tool in the TAK Server MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on tak_send_cot_event? +

Register the TAK Server MCP server in PolicyLayer and add a rule for tak_send_cot_event: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches TAK Server MCP. Nothing to install.

What risk level is tak_send_cot_event? +

tak_send_cot_event is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit tak_send_cot_event? +

Yes. Add a rate_limit block to the tak_send_cot_event rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block tak_send_cot_event completely? +

Set action: deny in the PolicyLayer policy for tak_send_cot_event. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides tak_send_cot_event? +

tak_send_cot_event is provided by the TAK Server MCP server (jfuginay/tak-server-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every TAK Server MCP tool call.

Start from TAK Server MCP, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →