Critical-risk tools in Frihet ERP
15 of the 72 tools in Frihet ERP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_clientDestructivePermanently delete a client by their ID. This action cannot be undone.
-
delete_client_contactDestructivePermanently delete a contact from a client. This action cannot be undone.
-
delete_client_noteDestructivePermanently delete a note from a client. This action cannot be undone.
-
delete_expenseDestructivePermanently delete an expense by its ID. This action cannot be undone.
-
delete_invoiceDestructivePermanently delete an invoice by its ID. This action cannot be undone.
-
delete_productDestructivePermanently delete a product by its ID. This action cannot be undone.
-
delete_quoteDestructivePermanently delete a quote by its ID. This action cannot be undone.
-
delete_vendorDestructivePermanently delete a vendor by their ID. This action cannot be undone.
-
delete_webhookDestructivePermanently delete a webhook by its ID. Notifications will stop immediately.
-
apply_depositFinancialApply a deposit to an invoice or mark it as used.
-
create_depositFinancialRecord a new deposit from a client. Requires clientId and amount.
-
delete_depositFinancialPermanently delete a deposit by its ID. This action cannot be undone.
-
refund_depositFinancialRefund a deposit back to the client.
-
send_invoiceFinancialSend an invoice to the client via email. Optionally override the recipient email address.
-
update_depositFinancialUpdate an existing deposit using PATCH semantics. Only the provided fields will be changed.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.