Critical-risk tools in Claude Code Toolkit

Critical severity Claude Code Toolkit MCP Server 5 of 40 tools

5 of the 40 tools in Claude Code Toolkit are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

cleanup_backups Destructive

Delete old backup files to free up disk space.
wipe_traces Destructive

Securely wipe ALL Claude Code traces. Overwrites files with zeros before deletion. Requires explicit confirmation.
clean_claude_directory Destructive

Analyze and clean the .claude directory. Removes debug logs, empty todos, old snapshots, and orphaned data to free disk space.
clean_traces Destructive

Selectively clean Claude Code traces by category, age, or project.
enforce_retention Destructive

Apply data retention policy by deleting sessions older than specified days.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Claude Code Toolkit

Tools at critical risk

Attacks that target this class

More on Claude Code Toolkit

Enforce policy on every Claude Code Toolkit tool call.