// MCP TOOL REFERENCE

ra_refund

SENSITIVE: Open Stripe Dashboard to process refunds. For security, refunds are processed through the Stripe Dashboard interface. This opens your browser to the refund management page.

Part of the Ra Pay MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.

@rapay/mcp-server Financial Risk 5/5

// WHEN AI AGENTS USE THIS TOOL

AI agents use ra_refund to initiate financial transactions through Ra Pay. Financial operations involve real money and are irreversible once processed. Intercept blocks financial tools by default, requiring explicit human approval with transaction-level limits to prevent unauthorised spending.

// WHY ENFORCE A POLICY ON RA_REFUND

ra_refund moves real money. Without a policy, an autonomous agent could initiate transactions that drain accounts or exceed budgets. Intercept blocks financial tools by default, requiring human-in-the-loop approval with configurable spending limits per transaction and per time window.

// RECOMMENDED POLICY

Financial tools involve real money. Block by default and require explicit human approval before enabling.

ra-pay.yaml

tools:
  ra_refund:
    rules:
      - action: deny
        reason: "Requires human approval"

See the full Ra Pay policy for all 8 tools.

// DETAILS

Tool Name ra_refund

Category Financial

MCP Server Ra Pay MCP Server

Risk Level Critical

// MORE RA PAY TOOLS

Write ra_add_card Write ra_balance Write ra_dashboard Write ra_dispute Write ra_send Write ra_whoami Read ra_history

// WHAT CAN GO WRONG

Agents calling financial-class tools like ra_refund have been implicated in these attack patterns. Read the full case and prevention policy for each:

Browse the full MCP Attack Database →

// OTHER FINANCIAL TOOLS ACROSS MCP SERVERS

Other tools in the Financial risk category across the catalogue. The same policy patterns (deny, require_approval) apply to each.

AbraFlexi bank_transaction_create AbraFlexi invoice_issued_create AgentPact agentpact.request_refund Wise cancel_transfer Wise create_transfer Wise fund_transfer

// IN CONTEXT OF CRITICAL RISK

ra_refund is one of the critical-risk operations in Ra Pay. For the full severity-focused view — only the critical-risk tools with their recommended policies — see the breakdown for this server, or browse all critical-risk tools across every MCP server.

// RELATED READING

// FAQ

What does the ra_refund tool do? +

SENSITIVE: Open Stripe Dashboard to process refunds. For security, refunds are processed through the Stripe Dashboard interface. This opens your browser to the refund management page.. It is categorised as a Financial tool in the Ra Pay MCP Server, which means it involves financial transactions. Block by default and require explicit approval.

How do I enforce a policy on ra_refund? +

Add a rule in your Intercept YAML policy under the tools section for ra_refund. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Ra Pay MCP server.

What risk level is ra_refund? +

ra_refund is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit ra_refund? +

Yes. Add a rate_limit block to the ra_refund rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block ra_refund completely? +

Set action: deny in the Intercept policy for ra_refund. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides ra_refund? +

ra_refund is provided by the Ra Pay MCP server (@rapay/mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

ra_refund

Enforce policies on Ra Pay