Critical-risk tools in Clevername
10 of the 67 tools in Clevername are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- agent__remove_dependency (Destructive 4/5): Revoke an MCP server or skill dependency binding from an owned Guard API agent.
- aithroyz_destroy_tenant (Destructive 4/5): Destroy all cloud resources for an Aithroyz tenant environment. This is irreversible.
- delete_mcp_connection (Destructive 4/5): Remove a registered MCP server connection.
- delete_mcp_credential (Destructive 4/5): Revoke and delete a stored MCP marketplace credential.
- delete_memory (Destructive 4/5): Delete a specific memory by its ID.
- delete_project (Destructive 4/5): Delete a project by ID.
- guard_delete_agent (Destructive 4/5): Permanently deactivate an agent and revoke all its tokens. Audit history is retained. In-flight calls are rejected immediately after deletion. IRREVERSIBLE -- deactivated agent...
- guard_onboard_agent (Destructive 5/5): Guard gives every AI agent a compliance boundary: stops budget overruns, blocks unauthorized tools, redacts PII, and enforces compliance frameworks (HIPAA/PCI/GDPR) -- without...
- guard_revoke_token (Destructive 4/5): Revoke a cnk_* token by token_id. Rotates credentials without deactivating the agent. After revocation, calls using the old token return 401 immediately. TOKEN ROTATION WORKFLO...
- sync_from_claude_config (Destructive 4/5): Scan your local Claude MCP config files and import registered servers into Clevername. HTTP/SSE servers become proxied MCP connections — once imported you can delete them from C...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Clevername
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init