// MCP TOOL REFERENCE
Critical Risk →

create_order

创建订单

How to control create_order ↓

WHAT CREATE_ORDER ON QMT-MCP-SERVER DOES

AI agents use create_order to commit financial operations through QMT-MCP-Server — usually the final step of a payment, billing, or trading workflow. A call moves real money.

THE RISK

Critical Risk

Creating an order in a stock trading system directly commits a financial obligation — it submits a buy or sell order to the market. The server context confirms this is a live trading environment. Misuse could result in unauthorized trades, significant financial loss, or market exposure. This clearly falls under Financial, which is the most severe category.

From the tool's definition Tool name 'create_order' on a server explicitly described as enabling 'stock trading operations' with 'order placement' functionality via QMT trading system.

Documented attack patterns abuse exactly the kind of access create_order gives an agent:

HOW TO CONTROL CREATE_ORDER

PolicyLayer is an MCP gateway — it sits between your AI agents and QMT-MCP-Server, and nothing reaches the server without passing your rules. This is the rule we recommend for create_order:

policy.json 
{
  "version": "1",
  "default": "deny",
  "tools": {
    "create_order": {
      "deny_if": [
        {
          "conditions": [],
          "on_deny": "Requires human approval."
        }
      ]
    }
  }
}

Any call to create_order is blocked until a human approves it. The rest of the server keeps working.

  1. Create a free account and register QMT-MCP-Server — nothing to install.
  2. Add this policy — paste it, or build it visually.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
GATE THIS TOOL →

Free to start. No card required.

EXPLORE

More QMT-MCP-Server tools

Destructive cancel_order 取消订单 Read query_account_asset 查询账户资产 Read query_account_positions 查询账户持仓

All 4 QMT-MCP-Server tools →

Financial tools on other servers

Atv build_deposit_tx Bitcoin MCP Server pay_invoice AbraFlexi bank_transaction_create Hilanet MCP decrease_coworker_salary

Go deeper

FAQ

What does the create_order tool do? +

创建订单. It is categorised as a Financial tool in the QMT-MCP-Server MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on create_order? +

Register the QMT-MCP-Server MCP server in PolicyLayer and add a rule for create_order: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches QMT-MCP-Server. Nothing to install.

What risk level is create_order? +

create_order is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit create_order? +

Yes. Add a rate_limit block to the create_order rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block create_order completely? +

Set action: deny in the PolicyLayer policy for create_order. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides create_order? +

create_order is provided by the QMT-MCP-Server MCP server (nnquant/qmt-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every QMT-MCP-Server tool call.

Deterministic rules across all 4 QMT-MCP-Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN QMT-MCP-SERVER →

Free to start. No card required.

4 QMT-MCP-Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.