AI agents invoke agent_dispatch to trigger actions in Musubix. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool dispatches sub-agents to execute complex tasks including large-scale refactoring, parallel file modifications, and ordered execution of dependent tasks. It runs external operations (agent dispatch, parallel execution) whose effects depend entirely on the arguments provided.
From the tool's definition サブエージェントをディスパッチして複雑なタスクを実行します / 大規模なリファクタリングタスクの分割実行 / 複数ファイルへの変更の並列処理
Attacks that exploit this kind of access
サブエージェントをディスパッチして複雑なタスクを実行します。 タスクの複雑度を分析し、必要に応じてサブエージェントに分解して並列実行します。 知識ストアとの統合により、実行中のコンテキスト共有を行います。 使用例: - 大規模なリファクタリングタスクの分割実行 - 複数ファイルへの変更の並列処理 - 依存関係のあるタスクの順序付き実行. It is categorised as a Execute tool in the Musubix MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Musubix MCP server in PolicyLayer and add a rule for agent_dispatch: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Musubix. Nothing to install.
agent_dispatch is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the agent_dispatch rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for agent_dispatch. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
agent_dispatch is provided by the Musubix MCP server (@nahisaho/musubix-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →