Add two numbers together with ATXP payment
AI agents use test_add to commit financial operations through MoluAbi MCP Server — usually the final step of a payment, billing, or trading workflow. A call moves real money.
Despite the innocuous-sounding arithmetic operation ('add two numbers together'), this tool explicitly involves 'ATXP payment', meaning it triggers a financial transaction or payment commitment. Given the server's description mentions 'payment integration' and the sibling tools include payment-related operations, this tool likely initiates or processes a real financial transaction.
From the tool's definition 'Add two numbers together with ATXP payment' — explicitly mentions payment processing via ATXP
Attacks that exploit this kind of access
Add two numbers together with ATXP payment. It is categorised as a Financial tool in the MoluAbi MCP Server MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the MoluAbi MCP Server MCP server in PolicyLayer and add a rule for test_add: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MoluAbi MCP Server. Nothing to install.
test_add is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the test_add rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for test_add. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
test_add is provided by the MoluAbi MCP Server MCP server (oregpt/moluabi-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →