Transfer NEP-17 assets between addresses. Requires sender WIF.
AI agents use transfer_assets to commit financial operations through Neo N3 MCP Server — usually the final step of a payment, billing, or trading workflow. A call moves real money.
This tool directly moves digital assets (NEP-17 tokens, which represent value on the Neo N3 blockchain) from one address to another. Any asset transfer is inherently a financial operation that commits irrevocable value movements on a blockchain. Misuse by an AI agent—such as transferring to unintended recipients or executing unauthorized transfers—would result in permanent loss of funds.
From the tool's definition Tool performs 'Transfer NEP-17 assets between addresses' on a blockchain (Neo N3). NEP-17 is the Neo token standard (equivalent to ERC-20).
Attacks that exploit this kind of access
Transfer NEP-17 assets between addresses. Requires sender WIF. It is categorised as a Financial tool in the Neo N3 MCP Server MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the Neo N3 MCP Server MCP server in PolicyLayer and add a rule for transfer_assets: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Neo N3 MCP Server. Nothing to install.
transfer_assets is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the transfer_assets rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for transfer_assets. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
transfer_assets is provided by the Neo N3 MCP Server MCP server (r3e-network/neo-n3-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →