Critical-risk tools in BorealHost
14 of the 95 tools in BorealHost are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_scheduled_snapshotDestructiveCancel a scheduled snapshot. Requires: API key with write scope. Args: slug: Site identifier schedule_id: UUID of the scheduled snapshot to cancel Returns: {"succ...
-
cloudflare_purge_cacheDestructivePurge Cloudflare CDN cache for a site. Without urls: purges all cached content for the site's subdomain. With urls: purges only the specified URLs (max 30 per call). Requires:...
-
decommissionDestructiveDelete a site and schedule resource cleanup (7-day grace period). WARNING: This is destructive. The site will be inaccessible immediately but data is retained for 7 days before...
-
delete_accountDestructivePermanently anonymize the account. Cancels subscriptions, deactivates keys. WARNING: This is irreversible. The account will be soft-deleted and all personal data anonymized. Al...
-
delete_alert_ruleDestructiveDelete an alert rule. Requires: API key with write scope. Args: slug: Site identifier rule_id: UUID of the alert rule to delete Returns: {"deleted": true, "id": "...
-
delete_cronDestructiveDelete a cron job by line number. Get line numbers from list_cron(). Requires: API key with write scope. Args: slug: Site identifier line_number: Line number of the c...
-
delete_domain_dnsDestructiveDelete a DNS record from a domain. Requires: API key with write scope. Args: domain_name: Full domain name (e.g. "example.com") record_id: ID of the DNS record to dele...
-
delete_fileDestructiveDelete a file or directory from a site's container. Directories are deleted recursively. Protected system paths (e.g. /etc, /usr) cannot be deleted. Requires: API key with wri...
-
delete_snapshotDestructiveDelete a snapshot (local or B2). Requires: API key with write scope. Args: slug: Site identifier snapshot_id: UUID of the snapshot to delete Returns: {"success": ...
-
get_checkout_statusDestructivePoll a checkout session for status updates. Call this after complete_checkout to track payment and provisioning. Polling strategy: - First 60 seconds: every 5 seconds - After ...
-
remove_firewall_ruleDestructiveRemove an IP firewall rule and reload Nginx. Requires: API key with write scope. Args: slug: Site identifier ip: IP address or CIDR to remove (must match exactly) Ret...
-
remove_ftp_accountDestructiveRemove an FTP account from a site. Requires: API key with write scope. Args: slug: Site identifier username: FTP username to remove Returns: {"removed": true, "us...
-
request_api_keyDestructiveRequest an API key for a site you are running on (challenge-response). This starts a two-step verification flow: 1. A claim token is written to your container at ~/.borealhost/...
-
revoke_api_keyDestructiveRevoke (deactivate) an API key. The key stops working immediately. Requires: API key with write scope. Args: key_id: UUID of the key to revoke (from list_api_keys or whoam...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.