AI agents use vibekit_add_domain to create or update resources in Vibekit — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Vibekit environment.
This tool creates or modifies infrastructure configuration (adding a domain to an app), which is a reversible Write action. While not destructive, it has significant blast radius because misconfiguration or abuse could redirect traffic, disrupt service availability, or enable phishing/impersonation attacks if an AI agent adds malicious domains to an app it controls. This elevates severity to high.
From the tool's definition 'Add a custom domain to an app' - creates a new domain configuration for an app that affects network routing and public accessibility. The tool modifies app infrastructure by registering a custom domain.
Attacks that exploit this kind of access
Add a custom domain to an app. After adding, update your DNS CNAME to point to vibekit.bot. It is categorised as a Write tool in the Vibekit MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Vibekit MCP server in PolicyLayer and add a rule for vibekit_add_domain: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Vibekit. Nothing to install.
vibekit_add_domain is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the vibekit_add_domain rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for vibekit_add_domain. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
vibekit_add_domain is provided by the Vibekit MCP server (vibekit-apps/vibekit-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →