AI agents call wb_list_tasks to retrieve information from Workbench without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves and displays task information without creating, modifying, deleting, or executing actions. It is purely informational, allowing inspection of existing task state. The reference to 'wb_claim' for task acquisition confirms this tool performs only viewing. No destructive, financial, or execution capabilities are present.
From the tool's definition Tool name 'wb_list_tasks' and description '查看任务列表(gate 报错可行动;领取用 wb_claim)' indicate a query/retrieval operation that lists tasks. The phrase '查看' (view/check) and '任务列表' (task list) confirm read-only data retrieval with no modification or side effects.
Attacks that exploit this kind of access
查看任务列表(gate 报错可行动;领取用 wb_claim). It is categorised as a Read tool in the Workbench MCP Server, which means it retrieves data without modifying state.
Register the Workbench MCP server in PolicyLayer and add a rule for wb_list_tasks: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Workbench. Nothing to install.
wb_list_tasks is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the wb_list_tasks rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for wb_list_tasks. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
wb_list_tasks is provided by the Workbench MCP server (nvrenshiren/workbench). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
wb_list_tasks is one line of Workbench's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →