atlas_stream_message

THE RISK

High Risk

This tool sends a message via an external Atlas Cloud streaming interface and collects the response. It executes an external operation (network call to Atlas Cloud API) whose effects depend on the message argument. It is not purely reading local data, nor is it destructive or financial, so Execute is the most appropriate category given it triggers a remote operation with variable side effects.

From the tool's definition "通过 Atlas Cloud 流式接口验证 Streaming 能力，并在服务端聚合后返回完整文本" — triggers a streaming call to an external cloud service (Atlas Cloud) and aggregates results server-side

Documented attack patterns abuse exactly the kind of access atlas_stream_message gives an agent:

HOW TO CONTROL ATLAS_STREAM_MESSAGE

PolicyLayer is an MCP gateway — it sits between your AI agents and Gemini Skill, and nothing reaches the server without passing your rules. This is the rule we recommend for atlas_stream_message:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "atlas_stream_message": {
      "limits": [
        {
          "counter": "atlas_stream_message_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

atlas_stream_message stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register Gemini Skill — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

More Gemini Skill tools

Execute gemini_navigate_to 打开指定的 Gemini 页面 URL（如特定会话链接）。仅允许 gemini.google.com 域名，其他域名会被拒绝。适用于需要恢复到某个历史会话继续对话的场景 Execute gemini_new_chat 在 Gemini 中新建一个空白对话 Execute gemini_reload_page 刷新 Gemini 页面（页面卡住或状态异常时使用） Execute gemini_temp_chat 进入 Gemini 临时对话模式（不保留历史记录，适合隐私场景）。注意：临时会话按钮仅在空白新会话页面可见，本工具会自动先新建会话再进入临时模式 Execute atlas_send_message 通过 Atlas Cloud OpenAI 兼容接口发送一轮文本对话，返回最终文本结果 Execute gemini_generate_image 调用后台的 Gemini 浏览器会话生成高质量图片。【重要：长耗时工具】 - 本工具为同步阻塞调用，内部会等待 Gemini 生成完毕后才返回最终结果（成功/失败+文件路径）。 Execute gemini_send_message 向 Gemini 发送文本消息并等待回答完成（不提取图片，纯文本交互）。【长耗时工具】同步阻塞等待 Gemini 回复完毕才返回。典型耗时 10~60 秒，必须等到最终结果再回 Execute gemini_set_thinking_depth 切换 Gemini 思考深度（standard 标准 / extended 扩展）。仅在支持的模型下生效

All 21 Gemini Skill tools →

Execute tools on other servers

Frida Game Hacking MCP remove_breakpoint Procmon request_elevation WireMCP capture_packets Pentest Ai run_probe

Go deeper

High-risk tools in Gemini Skill → Every high-risk tool this server exposes, in one view.
All high-risk MCP tools → Every high-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

What does the atlas_stream_message tool do? +

通过 Atlas Cloud 流式接口验证 Streaming 能力，并在服务端聚合后返回完整文本. It is categorised as a Execute tool in the Gemini Skill MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on atlas_stream_message? +

Register the Gemini Skill MCP server in PolicyLayer and add a rule for atlas_stream_message: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Gemini Skill. Nothing to install.

What risk level is atlas_stream_message? +

atlas_stream_message is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit atlas_stream_message? +

Yes. Add a rate_limit block to the atlas_stream_message rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block atlas_stream_message completely? +

Set action: deny in the PolicyLayer policy for atlas_stream_message. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides atlas_stream_message? +

atlas_stream_message is provided by the Gemini Skill MCP server (wjz-p/gemini-skill). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Gemini Skill tool call.

Deterministic rules across all 21 Gemini Skill tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN GEMINI SKILL →

Free to start. No card required.

21 Gemini Skill tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// WHAT ATLAS_STREAM_MESSAGE ON GEMINI SKILL DOES

// THE RISK

// HOW TO CONTROL ATLAS_STREAM_MESSAGE

// EXPLORE