This server exposes 77 tools including several that can destroy build artefacts, wipe simulators, or execute arbitrary debugger commands:
debug_lldb_command -- executes arbitrary LLDB debugger commands (can inspect/modify process memory)erase_sims -- wipes all simulator dataclean -- deletes build productsscaffold_ios_project / scaffold_macos_project -- creates files on diskbuild_run_sim/device/macos -- compiles and deploys to devices
debug_lldb_command accepting arbitrary input is the most concerning -- LLDB can read/write process memory, evaluate expressions, and modify running state.
Suggestion: Consider documenting support for PolicyLayer/Intercept, an open-source MCP proxy that enforces policies on tool calls before execution.
Example policy:
version: "1"
default: allow
tools:
debug_lldb_command:
rules:
- action: require_approval
erase_sims:
rules:
- action: require_approval
clean:
rules:
- rate_limit: 3/hourOne line to set up: npx -y @policylayer/intercept init
This server exposes 77 tools including several that can destroy build artefacts, wipe simulators, or execute arbitrary debugger commands:
debug_lldb_command-- executes arbitrary LLDB debugger commands (can inspect/modify process memory)erase_sims-- wipes all simulator dataclean-- deletes build productsscaffold_ios_project/scaffold_macos_project-- creates files on diskbuild_run_sim/device/macos-- compiles and deploys to devicesdebug_lldb_commandaccepting arbitrary input is the most concerning -- LLDB can read/write process memory, evaluate expressions, and modify running state.Suggestion: Consider documenting support for PolicyLayer/Intercept, an open-source MCP proxy that enforces policies on tool calls before execution.
Example policy:
One line to set up:
npx -y @policylayer/intercept init