Critical-risk tools in Binalyze AIR MCP Server
17 of the 116 tools in Binalyze AIR MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_task_assignmentDestructive 4/5Cancel a task assignment by its ID
-
cancel_task_by_idDestructive 4/5Cancel a specific task by its ID
-
delete_auto_asset_tag_by_idDestructive 4/5Delete a specific auto asset tag rule by its ID
-
delete_note_from_caseDestructive 4/5Delete a note from a case by its ID
-
delete_organizationDestructive 4/5Delete an organization by its ID
-
delete_policy_by_idDestructive 4/5Delete a specific policy by its ID
-
delete_repositoryDestructive 4/5Delete an evidence repository by its ID
-
delete_tags_from_organizationDestructive 4/5Delete specific tags from an organization
-
delete_task_assignmentDestructive 4/5Delete a specific task assignment by its ID
-
delete_task_by_idDestructive 4/5Delete a specific task by its ID
-
delete_triage_ruleDestructive 4/5Delete an existing triage rule by ID
-
purge_and_uninstall_assetsDestructive 4/5Purge data and uninstall specific assets based on filters. Requires specifying `filter.includedEndpointIds`.
-
remove_endpoints_from_caseDestructive 4/5Remove endpoints from a case based on specified filters
-
remove_tags_from_assetsDestructive 4/5Remove tags from specific assets based on filters. Requires specifying `filter.includedEndpointIds` and `tags`.
-
remove_task_assignment_from_caseDestructive 4/5Remove a specific task assignment from a case
-
remove_user_from_organizationDestructive 4/5Remove a user from an organization
-
uninstall_assetsDestructive 4/5Uninstall specific assets based on filters without purging data. Requires specifying `filter.includedEndpointIds`.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Binalyze AIR MCP Server
Enforce policy on Binalyze AIR MCP Server
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init