Close empty Solana token accounts and reclaim rent SOL (~0.002 SOL per account). First call returns a dry-run preview with a confirm_token. Call again with the confirm_token to execute. Safety Burns: accidental burns can be reverted.
AI agents call close_accounts to permanently remove resources in RefundYourSOL — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
Closing token accounts on a blockchain is an irreversible on-chain operation — once accounts are closed and SOL reclaimed, the account state is destroyed on-chain. Although the description mentions a dry-run preview and 'Safety Burns: accidental burns can be reverted,' closing accounts themselves is not easily undone; reopening a closed account requires creating a new one and re-establishing state.
From the tool's definition Close empty Solana token accounts and reclaim rent SOL... Call again with the confirm_token to execute.
Attacks that exploit this kind of access
Close empty Solana token accounts and reclaim rent SOL (~0.002 SOL per account). First call returns a dry-run preview with a confirm_token. Call again with the confirm_token to execute. Safety Burns: accidental burns can be reverted. It is categorised as a Destructive tool in the RefundYourSOL MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the RefundYourSOL MCP server in PolicyLayer and add a rule for close_accounts: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches RefundYourSOL. Nothing to install.
close_accounts is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the close_accounts rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for close_accounts. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
close_accounts is provided by the RefundYourSOL MCP server (refundyoursol/refundyoursol-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →