Change user
AI agents use setPositionMode to create or update resources in Aster Finance MCP Server — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Aster Finance MCP Server environment.
Changing position mode affects how trades are managed (hedge mode vs. one-way mode) and can have significant financial implications, but it modifies account settings rather than directly moving money. It is a Write operation with high severity given the futures trading context where misconfiguration can lead to unintended financial exposure. Description is truncated, lowering confidence slightly.
From the tool's definition Tool name 'setPositionMode' and partial description 'Change user' — likely changes the user's position mode (e.g., hedge vs. one-way mode) in a futures trading context.
Attacks that exploit this kind of access
Change user. It is categorised as a Write tool in the Aster Finance MCP Server MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Aster Finance MCP Server MCP server in PolicyLayer and add a rule for setPositionMode: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Aster Finance MCP Server. Nothing to install.
setPositionMode is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the setPositionMode rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for setPositionMode. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
setPositionMode is provided by the Aster Finance MCP Server MCP server (questflowai/aster-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →