활성 레이어를 선택합니다.
AI agents use layer_select to create or update resources in SVG Canvas MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your SVG Canvas MCP environment.
Selecting/changing the active layer is a state modification operation that affects the canvas environment but is reversible (another layer can be selected). This is distinct from Read (which would only query which layer is active) and is clearly not Execute, Destructive, Financial, or Other. Write is the appropriate category for state-modifying operations that are not destructive.
From the tool's definition Tool name 'layer_select' and description '활성 레이어를 선택합니다' (selects the active layer) indicates it modifies application state by changing which layer is currently active in the SVG canvas.
Attacks that exploit this kind of access
활성 레이어를 선택합니다. It is categorised as a Write tool in the SVG Canvas MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the SVG Canvas MCP server in PolicyLayer and add a rule for layer_select: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches SVG Canvas MCP. Nothing to install.
layer_select is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the layer_select rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for layer_select. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
layer_select is provided by the SVG Canvas MCP server (kim62210/svg-canvas-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →