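[SVG file / PNG save] Generates candlestick and line charts server-side as SVG/PNG. Prefer prepare_chart_data when the chart can be rendered client-side. Use this tool only when the user explicitly asks to save as SVG/PNG; do not call it on your own initiative. Patterns can be drawn by passing the overlays from detect_patterns. Specify the optional indicators (SMA/EMA/BB/Ichimoku Cloud) only when the user explicitly requests them. All are off by default.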
AI agents use render_chart_svg to create or update resources in Bitbank — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Bitbank environment.
An AI agent can call render_chart_svg faster than any human can review — one bad instruction and it creates or modifies resources in Bitbank by the hundred, each call as confident as the last.
Attacks that exploit this kind of access
render_chart_svg is categorised as a Write tool in the Bitbank MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Bitbank MCP server in PolicyLayer and add a rule for render_chart_svg: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Bitbank. Nothing to install.
render_chart_svg is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the render_chart_svg rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for render_chart_svg. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
render_chart_svg is provided by the Bitbank MCP server (tjackiet/bitbank-lab-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
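A minimal model of the rate-limit and deny behaviour described in the answers above, as an added example; it is not PolicyLayer's code or policy syntax. The names `Rule` and `PolicyProxy`, the fixed-window counting, and the refusal of tools that have no rule are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass
class Rule:
    """Hypothetical in-memory form of one tool rule (not the real schema)."""
    action: str = "allow"      # "allow", "deny" or "rate_limit"
    reason: str = ""           # optional explanation returned on deny
    max: int = 0               # calls permitted per window
    window: float = 0.0        # window length in seconds


@dataclass
class PolicyProxy:
    """Decides whether a tool call may be forwarded to the MCP server."""
    rules: Dict[str, Rule]
    clock: Callable[[], float] = time.monotonic
    # (session id, tool name) -> (window start, calls counted so far)
    _windows: Dict[Tuple[str, str], Tuple[float, int]] = field(
        default_factory=dict, init=False)

    def check(self, session_id: str, tool: str) -> Tuple[bool, str]:
        rule = self.rules.get(tool)
        if rule is None:
            # Assumption: a tool with no rule is refused (default deny).
            return False, "no rule for tool"
        if rule.action == "deny":
            return False, rule.reason or "denied by policy"
        if rule.action == "rate_limit":
            now = self.clock()
            key = (session_id, tool)
            start, count = self._windows.get(key, (now, 0))
            if now - start >= rule.window:
                start, count = now, 0      # window elapsed: counter resets
            if count >= rule.max:
                return False, f"rate limit: {rule.max} calls per {rule.window:g}s"
            self._windows[key] = (start, count + 1)
        return True, ""


if __name__ == "__main__":
    proxy = PolicyProxy({"render_chart_svg": Rule("rate_limit", max=10, window=60)})
    for i in range(12):
        print(i + 1, proxy.check("session-a", "render_chart_svg"))
```

Because the counter is keyed on the session as well as the tool, one agent session exhausting its budget does not block another.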