Critical-risk tools in cPanel MCP Server
28 of the 164 tools in cPanel MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- clear_spam_box (Destructive): Clear all messages from the SpamAssassin spam box
- deauthorize_ssh_key (Destructive): Deauthorize an SSH key (revoke login access)
- delete_addon_domain (Destructive): Delete an addon domain
- delete_autoresponder (Destructive): Delete an email autoresponder
- delete_cron_job (Destructive): Delete a cron job
- delete_dns_record (Destructive): Delete a DNS zone record by line number
- delete_email_account (Destructive): Delete an email account
- delete_email_filter (Destructive): Delete an email filter
- delete_email_forwarder (Destructive): Delete an email forwarder
- delete_file (Destructive): Delete a file or directory
- delete_ftp_account (Destructive): Delete an FTP account
- delete_git_repo (Destructive): Delete a Git repository from cPanel
- delete_mysql_database (Destructive): Delete a MySQL database
- delete_mysql_user (Destructive): Delete a MySQL database user
- delete_parked_domain (Destructive): Remove a parked/aliased domain
- delete_postgresql_database (Destructive): Delete a PostgreSQL database
- delete_postgresql_user (Destructive): Delete a PostgreSQL user
- delete_redirect (Destructive): Delete a URL redirect
- delete_ssh_key (Destructive): Delete an SSH key
- delete_ssl_certificate (Destructive): Delete/uninstall an SSL certificate from a domain
- delete_subdomain (Destructive): Delete a subdomain
- remove_2fa (Destructive): Remove/disable two-factor authentication from the account
- revoke_api_token (Destructive): Revoke/delete an API token
- revoke_mysql_privileges (Destructive): Revoke all privileges for a MySQL user on a database
- revoke_postgresql_privileges (Destructive): Revoke a PostgreSQL user
- unregister_passenger_app (Destructive): Unregister/remove a Node.js, Python, or Ruby application
- disinfect_files (Destructive): Quarantine/disinfect files detected as infected
- kill_ftp_session (Destructive): Terminate an active FTP session
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.