Enterprise-grade stablecoin management via Hedera Stablecoin Studio. OPERATIONS: - create: Create compliant stablecoin with role-based controls - info: Get stablecoin details (supply, treasury, pause status) - balance: Check account balance for stablecoin - cashin: Mint tokens to account (control...
AI agents use stablecoin_manage to commit financial operations through HashPilot — usually the final step of a payment, billing, or trading workflow. A call moves real money.
This tool directly manages stablecoin supply and token movements on a blockchain. Minting (cashin), burning, wiping tokens from arbitrary accounts, and rescuing HBAR/tokens are all financial operations with real monetary value. Misuse could result in unauthorized token creation, destruction, or theft of assets, making this a critical financial risk.
From the tool's definition cashin: Mint tokens to account, burn: Burn tokens from treasury, wipe: Remove tokens from any account, rescue: Rescue tokens from proxy contract treasury, rescue_hbar: Rescue HBAR from proxy contract — stablecoin management including minting, burning, wiping,…
Attacks that exploit this kind of access
Enterprise-grade stablecoin management via Hedera Stablecoin Studio. OPERATIONS: - create: Create compliant stablecoin with role-based controls - info: Get stablecoin details (supply, treasury, pause status) - balance: Check account balance for stablecoin - cashin: Mint tokens to account (controlled by CASHIN role) - burn: Burn tokens from treasury (controlled by BURN role) - wipe: Remove tokens from any account (controlled by WIPE role) - rescue: Rescue tokens from proxy contract treasury - rescue_hbar: Rescue HBAR from proxy contract - freeze/unfreeze: Control account transfer ability - pause/unpause: Halt/resume all token operations globally - kyc_grant/kyc_revoke: Manage KYC compliance status - role_grant/role_revoke/role_check: Manage role assignments - delete: Permanently delete stablecoin (DANGER) FEATURES: - Role-based access control (CASHIN, BURN, WIPE, RESCUE, PAUSE, FREEZE, KYC, DELETE) - Native KYC/AML compliance - Proof-of-Reserve support - Proxy contract architecture (upgradable) - Cash-in allowances for controlled minting AUTO-CONFIG: Uses MCP operator account for SDK authentication. USE FOR: Institutional stablecoin issuance, compliance workflows, token lifecycle management. It is categorised as a Financial tool in the HashPilot MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the HashPilot MCP server in PolicyLayer and add a rule for stablecoin_manage: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches HashPilot. Nothing to install.
stablecoin_manage is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the stablecoin_manage rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for stablecoin_manage. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
stablecoin_manage is provided by the HashPilot MCP server (justmert/hashpilot). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →