Push file to device
AI agents use push_file_to_device to create or update resources in MCP Emulator Controller — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your MCP Emulator Controller environment.
This tool creates or modifies files on a target device, which is a Write operation. Severity is high because an agent could push malicious files, overwrite critical system files, install unauthorized APKs, or inject data that compromises the device or running applications. The blast radius depends on what files are pushed and where, but the capability to arbitrarily modify device storage poses significant risk.
From the tool's definition Tool name 'push_file_to_device' and description 'Push file to device' indicate file transfer capability to an Android emulator or connected device. This modifies the device filesystem by adding or updating files.
Attacks that exploit this kind of access
Push file to device. It is categorised as a Write tool in the MCP Emulator Controller MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the MCP Emulator Controller MCP server in PolicyLayer and add a rule for push_file_to_device: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches MCP Emulator Controller. Nothing to install.
push_file_to_device is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the push_file_to_device rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for push_file_to_device. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
push_file_to_device is provided by the MCP Emulator Controller MCP server (teemo4621/mcp-emulator-controller). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
push_file_to_device is one line of MCP Emulator Controller's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →