Critical-risk tools in ExecuFunction

Critical severity ExecuFunction MCP Server 8 of 77 tools

8 of the 77 tools in ExecuFunction are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

calendar_delete_event Destructive

Delete a calendar event
code_memory_delete Destructive

Delete stored fact
codebase_delete Destructive

Delete a repository and all its indexed data (files, chunks, embeddings, snapshots)
dataset_mutate Destructive

Mutate dataset records (create/update/delete)
note_delete Destructive

Delete a note
organization_delete Destructive

Delete an organization (unlinks people but does not delete them)
person_delete Destructive

Delete a person/contact
task_delete Destructive

Delete a task

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in ExecuFunction

Tools at critical risk

Attacks that target this class

More on ExecuFunction

Let agents act without letting them run wild.