AI agents use skill_register to create or update resources in Musubix — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Musubix environment.
This tool creates or modifies system state by adding new skills to the platform. It is reversible (skills can typically be unregistered/deleted), so it falls under Write rather than Destructive. The severity is medium because registering arbitrary or malicious skills could enable subsequent harmful actions, but the immediate effect is data creation rather than execution of those skills.
From the tool's definition Tool description states '新しいスキルを登録します' (registers new skills) and 'カスタムスキルを登録して利用可能にします' (registers custom skills to make them available). The 'register' action creates/adds new skill definitions that persist in the system.
Attacks that exploit this kind of access
新しいスキルを登録します。 カスタムスキルを登録して利用可能にします。. It is categorised as a Write tool in the Musubix MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Musubix MCP server in PolicyLayer and add a rule for skill_register: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Musubix. Nothing to install.
skill_register is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the skill_register rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for skill_register. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
skill_register is provided by the Musubix MCP server (@nahisaho/musubix-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →