t2000

t2000_sentinel_attack

Attack Sui Sentinel AI agents by crafting prompts that bypass their system defenses to win prize pools. Costs SUI tokens per attempt.

Instructions

Attack a Sui Sentinel with a prompt to try to breach its defenses and win the prize pool. Costs SUI (the attack fee). Use t2000_sentinel_list to find targets first.

Input Schema

TableJSON Schema

Name	Required	Description
`id`	Yes	Sentinel agent ID or object ID to attack
`prompt`	Yes	Your attack prompt — try to make the AI do something its system prompt forbids
`fee`	No	Override attack fee in SUI (default: sentinel's listed fee)

Implementation Reference

packages/mcp/src/tools/write.ts:562-579 (handler)

The handler for the 't2000_sentinel_attack' tool, which registers the tool with the MCP server and executes the agent.sentinelAttack method.

server.tool(
  't2000_sentinel_attack',
  'Attack a Sui Sentinel with a prompt to try to breach its defenses and win the prize pool. Costs SUI (the attack fee). Use t2000_sentinel_list to find targets first.',
  {
    id: z.string().describe('Sentinel agent ID or object ID to attack'),
    prompt: z.string().describe('Your attack prompt — try to make the AI do something its system prompt forbids'),
    fee: z.number().optional().describe('Override attack fee in SUI (default: sentinel\'s listed fee)'),
  },
  async ({ id, prompt, fee }) => {
    try {
      const feeMist = fee ? BigInt(Math.round(fee * 1e9)) : undefined;
      const result = await mutex.run(() => agent.sentinelAttack(id, prompt, feeMist));
      return { content: [{ type: 'text', text: JSON.stringify(result) }] };
    } catch (err) {
      return errorResult(err);
    }
  },
);

Tool Definition Quality

A4.1/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden. It discloses key behavioral traits: it costs SUI (the attack fee), involves trying to breach AI defenses, and has a prize pool incentive. However, it lacks details on success conditions, error handling, or transaction confirmation. The description doesn't contradict any annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences with zero waste. The first sentence states purpose and key behavior, the second provides usage guidance. Every word earns its place, and information is front-loaded appropriately.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with no annotations and no output schema, the description is reasonably complete but has gaps. It covers purpose, cost, and prerequisites well, but lacks details on return values, error cases, or what happens after an attack. Given the complexity of an attack transaction, more behavioral context would be helpful.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all parameters. The description adds minimal context: it implies 'id' comes from t2000_sentinel_list and 'prompt' should try to violate system rules. However, it doesn't provide additional syntax, format, or constraint details beyond what's in the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Attack a Sui Sentinel'), the resource ('Sui Sentinel'), and the goal ('try to breach its defenses and win the prize pool'). It distinguishes from siblings by specifying this is an attack tool, unlike read-only tools like t2000_sentinel_list or financial tools like t2000_balance.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use this tool ('Use t2000_sentinel_list to find targets first') and provides a clear prerequisite. It also distinguishes from t2000_sentinel_info by specifying this is for attacking rather than information gathering.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mission69b/t2000'

If you have feedback or need assistance with the MCP directory API, please join our Discord server