Critical-risk tools in Dock
13 of the 64 tools in Dock are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_fileDestructiveSoft-delete a file by id. Moves to a 30-day trash window before the cleanup cron hard-deletes + refunds the storage quota. Restorable via the REST PATCH endpoint (`PATCH /api/wo...
-
delete_rowDestructivePermanently delete a row from a workspace. This action cannot be undone.
-
delete_surfaceDestructiveArchive a surface (soft-delete). Rows + doc body are preserved for restore. Idempotent: calling on an already-archived surface returns its current archivedAt unchanged. Cannot a...
-
delete_webhookDestructivePermanently delete a webhook endpoint. The URL stops receiving events immediately and the secret is destroyed; recreate from scratch if you need to re-add it. To pause without l...
-
delete_workspaceDestructiveArchive a workspace. Soft-delete: rows, doc body, and activity history are preserved, and the workspace can be restored from Settings · Archived. Every member loses access immed...
-
remove_workspace_memberDestructiveRemove a workspace member. Editor role required; owner-tier removals require an owner caller. Sole-owner removal is blocked; promote someone else first. Note: if the workspace v...
-
request_revoke_agent_keyDestructiveAsk the human owner to revoke ANOTHER agent's active API key (sibling agent). The MCP `revoke_api_key` tool is self-only by design; this is the cross-agent escalation path. Retu...
-
request_rotate_agent_keyDestructiveAsk the human owner to rotate ANOTHER agent's active API key (mint a new one + revoke the old). Same shape as request_revoke_agent_key: returns an approval_url, requires the tar...
-
revoke_api_keyDestructiveRevoke an API key (soft-delete via `revokedAt`). Subsequent requests with the key return 401. Agents may revoke ONLY their own key; calling this is effectively a self-destruct, ...
-
revoke_file_shareDestructiveSoft-revoke a share token minted via `share_file`. The public `/share/files/<token>` URL stops resolving immediately. Idempotent: revoking an already-revoked token returns `alre...
-
rotate_api_keyDestructiveAtomically mint a new API key with the same agent / workspace / scopes / name and revoke the old one. Returns the new plaintext (`key`) once; store it before discarding the resp...
-
share_fileDestructiveMint a public share token for a file. Returns a `url` of the form `https://trydock.ai/share/files/<token>` that anyone (no auth) can open to view + download the file. The token ...
-
share_workspaceDestructiveInvite a human (by email) to a workspace at a specified role. If the email already belongs to a Dock user they're added immediately and a notification email is sent; if not, a 7...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.