Critical-risk tools in Salesforce MCP Server
4 of the 41 tools in Salesforce MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- clear_default_org (Destructive): Clear the default target org from the Salesforce CLI configuration. After clearing, all tools will require an explicit targetOrg parameter until a new default is set.
- delete_record (Destructive): Delete a record from a Salesforce org using the REST API. Permanently removes the specified record. Input must be a JSON object with keys: sObject (string), recordId (string), a...
- package_uninstall (Destructive): Uninstall a second-generation package from the target org. Specify the package ID (starts with 04t) or alias for the package to uninstall.
- logout (Destructive): Log out of a Salesforce org. Use targetOrg to logout of a specific org, or set all to true to logout of all orgs. The logout is performed with --no-prompt flag to avoid confirma...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.