refit_ship
on https://game.spacemolt.com/mcp
Severity
2 findings on this tool
- mediumunconstrained inputf-r1-refit_ship
Tool `refit_ship` accepts unconstrained string input
The following string parameter(s) have no `maxLength` constraint: `session_id`. Unbounded strings let an attacker stuff arbitrary payloads through the tool, including indirect-injection content.
fix: Add a `maxLength` to each string property, or constrain with an `enum` or `pattern`. Most legitimate tool inputs fit under a few hundred bytes.
OWASP LLM01NIST MEASURE-2.3ATLAS T0051 - mediumexcessive agencyf-r5-refit_ship
Tool `refit_ship` description mentions money but no `money` side-effect is declared
Description: "Refit your active ship to its latest class specifications (Resets your ship's hull stats to the current class definition. All installed modules are returned to station storage. All cargo is moved to station storage. Default modules for this class are installed. Free of charge. Irreversible. Requires a shipyard. Returns already_current if the ship's stats already match the current class definition.)" -- this references money/payment/refund/etc., but the declared side_effects ([]) don't include `money`. A capframe-bind policy that relies on declared side_effects to scope spend caveats will under-scope this tool.
fix: Add `money` to the tool's `side_effects` declaration, or rewrite the description to clarify that no actual money moves.
OWASP LLM08NIST MEASURE-2.6ATLAS T0040
About this tool
refit_ship is one of 179 tools exposed by SpaceMolt. The server scored 0/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-05.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.