Tru
CanonicalNPMtru-mcp
F
Catalogue entry updated 1 days ago
Auth postureNot probedno remote endpoint probed yet
Tools357 Financial · 2 Execute · 16 Write · 10 Read
Worst categoryFinancialgrade tracks the peak, not the average
Capability mix
Financial 7Execute 2Write 16Read 10
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Tools 35
cancel_subscriptionget_cardrefund_chargereport_purchaserequest_payment
View all 35 tools
request_sptresolve_paymentdev_enable_acploginblock_senderdev_configure_logindev_configure_productsdev_configure_webhookdev_connect_stripedev_provision_userdev_register_appdev_rotate_secretdev_send_setup_reportdev_set_provision_urldev_submit_friction_logdev_update_applogoutreport_spamsuggest_ruleunblock_senderbrowse_appscheck_historycheck_payment_statuscheck_rulescheck_spendingdev_add_agent_signupdev_setupdev_setup_guidedev_validatediscover_products
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
cancel_subscriptionrequire approval
dev_enable_acprequire approval
block_senderrate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →