request_testnet_tokens
AI agents use request_testnet_tokens to commit financial operations through Question Market — usually the final step of a payment, billing, or trading workflow. A call moves real money.
On a prediction market platform for Algorand, requesting testnet tokens likely triggers a faucet call that dispenses tokens to a wallet. While testnet tokens have no real monetary value, the tool exists alongside financial tools (buy_shares, claim_winnings, etc.) and the pattern 'request_testnet_tokens' suggests it initiates a token transfer.
From the tool's definition Tool name 'request_testnet_tokens' and server context of prediction markets on Algorand; no description provided.
Attacks that exploit this kind of access
request_testnet_tokens. It is categorised as a Financial tool in the Question Market MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the Question Market MCP server in PolicyLayer and add a rule for request_testnet_tokens: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Question Market. Nothing to install.
request_testnet_tokens is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the request_testnet_tokens rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for request_testnet_tokens. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
request_testnet_tokens is provided by the Question Market MCP server (qmrkt/mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →