Create a new tool. This tool will be used to create new tools. You can use the tools you have created to perform tasks.
AI agents use create_tool to create or update resources in Riza — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Riza environment.
This tool creates new tools that can later be executed, making it a Write operation (reversible resource creation). However, the severity is high because the created tools could themselves execute arbitrary code or perform destructive/financial actions when invoked. The act of creation itself is Write-category, but the downstream blast radius is significant.
From the tool's definition "Create a new tool" - creates a new persistent tool resource in the Riza Code Interpreter environment
Documented attack patterns abuse exactly the kind of access create_tool gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Riza, and nothing reaches the server without passing your rules. This is the rule we recommend for create_tool:
{
"version": "1",
"default": "deny",
"tools": {
"create_tool": {
"limits": [
{
"counter": "create_tool_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}create_tool stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Create a new tool. This tool will be used to create new tools. You can use the tools you have created to perform tasks. It is categorised as a Write tool in the Riza MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Riza MCP server in PolicyLayer and add a rule for create_tool: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Riza. Nothing to install.
create_tool is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the create_tool rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for create_tool. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
create_tool is provided by the Riza MCP server (riza-io/riza-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Riza, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
6 Riza tools catalogued and risk-classified — across an index of 43,000+ MCP servers.