Critical-risk tools in Devbox
2 of the 38 tools in Devbox are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
devbox_projectsDestructive 4/5Project CRUD. action: list | get | create | update | delete | provision_repo. Use list to discover project_id; provision_repo when project has no repo yet.
-
devbox_runs_cancel_allDestructive 5/5Cancel all non-terminal runs for a project. Use when cleaning up stuck or unwanted runs.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Devbox
Enforce policy on Devbox
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init