AI agents use capture to commit financial operations through Tabby — usually the final step of a payment, billing, or trading workflow. A call moves real money.
Capturing an authorized payment is a financial operation that finalizes a previously authorized hold and triggers real money movement. It is irreversible in the sense that funds are collected, and fits squarely in the Financial category, which takes precedence over all others. Misuse could result in unauthorized or incorrect financial charges to customers.
From the tool's definition 'Capture an authorized payment' — capturing an authorized payment commits the financial transaction, causing actual funds to be transferred from the customer to the merchant.
Attacks that exploit this kind of access
Capture an authorized payment. It is categorised as a Financial tool in the Tabby MCP Server, which means it involves financial transactions. Block by default and require explicit approval.
Register the Tabby MCP server in PolicyLayer and add a rule for capture: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Tabby. Nothing to install.
capture is a Financial tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the capture rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for capture. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
capture is provided by the Tabby MCP server (theyahia/tabby-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →