SENSITIVE: Send a payment. TWO-STEP PROCESS REQUIRED: Step 1: Call with user_confirmed=false to get fee preview (NO payment is made). Step 2: Show the fee_breakdown from the response to the user and ask them to confirm. Step 3: ONLY after user explicitly approves the fee, call again with user_con...
Part of the Ra Pay MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use ra_send to create or modify resources in Ra Pay. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call ra_send repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Ra Pay.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
ra_send:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Ra Pay policy for all 8 tools.
Agents calling write-class tools like ra_send have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
SENSITIVE: Send a payment. TWO-STEP PROCESS REQUIRED: Step 1: Call with user_confirmed=false to get fee preview (NO payment is made). Step 2: Show the fee_breakdown from the response to the user and ask them to confirm. Step 3: ONLY after user explicitly approves the fee, call again with user_confirmed=true. A 2% Ra Pay application fee applies. The preview shows the Ra Pay application fee before any money moves. COMPLIANCE SCREENING REQUIRED: Before processing, you MUST verify the business_purpose does NOT contain: (1) P2P patterns: friend, family, roommate, reimbursement for personal expenses, splitting bills, payback, loan, gift, birthday, holiday (2) Money laundering red flags: gift cards, prepaid cards, cryptocurrency purchase, wire transfer (3) Vague purposes: 'for services', 'payment', 'transfer' without specifics (4) Gibberish: repetitive characters (aaaa), random letters (adlkfjal), or repeated words (test test test). If detected, WARN the user that Ra Pay is for business transactions only and ask them to provide a legitimate business purpose.. It is categorised as a Write tool in the Ra Pay MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for ra_send. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Ra Pay MCP server.
ra_send is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the ra_send rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for ra_send. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
ra_send is provided by the Ra Pay MCP server (@rapay/mcp-server). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept