shutdown_computer

THE RISK

Critical Risk

Why shutdown_computer needs a policy

Shutting down and terminating a virtual computer instance is an irreversible destructive action. Any unsaved state, running processes, or in-progress work would be lost. The word 'terminate' specifically implies the instance is destroyed, not merely paused, making this a Destructive category tool with high severity given the blast radius of losing an entire compute environment.

From the tool's definition 'Shutdown and terminate the virtual computer instance' — terminates the instance irreversibly

Documented attack patterns abuse exactly the kind of access shutdown_computer gives an agent:

POLICY

How to control shutdown_computer

PolicyLayer is an MCP gateway — it sits between your AI agents and Computer Use, and nothing reaches the server without passing your rules. This is the rule we recommend for shutdown_computer:

policy.json

{
  "version": "1",
  "default": "deny",
  "hide": [
    "shutdown_computer"
  ]
}

shutdown_computer disappears from the agent's tool list entirely, and any attempt to call it is denied. The rest of the server keeps working.

Create a free account and register Computer Use — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RESTRICT THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More Computer Use tools

Execute execute_bash Execute a bash command on the virtual computer. Execute initialize_computer Initialize a virtual computer with the provided API key. Execute restart_computer Restart the virtual computer. Execute wait Wait for the specified number of seconds. Execute double_click Perform a double click at the specified coordinates. Execute left_click Perform a left mouse click at the specified coordinates. Execute press_key Press a key or key combination (e.g., 'Enter', 'ctrl+c'). Execute prompt Control the computer with natural language using an AI agent.

All 15 Computer Use tools →

Destructive tools on other servers

Android Forensics ADB MCP Server create_full_backup 0xarchive web3_revoke_key Frida Game Hacking MCP clear_scan cPanel MCP Server clear_spam_box

Go deeper

Critical-risk tools in Computer Use → Every critical-risk tool this server exposes, in one view.
All critical-risk MCP tools → Every critical-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Blast radius → How much damage one compromised or confused agent can do — and how to bound it.
Tool call approval → Approval gates on individual tool calls: auto-allow, prompt, or deny.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about shutdown_computer

What does the shutdown_computer tool do? +

Shutdown and terminate the virtual computer instance. It is categorised as a Destructive tool in the Computer Use MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.

How do I enforce a policy on shutdown_computer? +

Register the Computer Use MCP server in PolicyLayer and add a rule for shutdown_computer: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Computer Use. Nothing to install.

What risk level is shutdown_computer? +

shutdown_computer is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.

Can I rate-limit shutdown_computer? +

Yes. Add a rate_limit block to the shutdown_computer rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block shutdown_computer completely? +

Set action: deny in the PolicyLayer policy for shutdown_computer. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides shutdown_computer? +

shutdown_computer is provided by the Computer Use MCP server (spencerkinney/computer-use-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Computer Use tool call.

Start from Computer Use, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →