Critical-risk tools in Google Super
29 of the 200 tools in Google Super are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
GOOGLESUPER_BATCH_DELETE_MESSAGESDestructive 5/5Tool to permanently delete multiple Gmail messages in bulk. Use when you need to efficiently remove large numbers of emails (e.g., retention enforcement, mailbox hygiene).
-
GOOGLESUPER_CALENDARS_DELETEDestructive 4/5Deletes a secondary calendar. Use calendars.clear for clearing all events on primary calendars.
-
GOOGLESUPER_CLEAR_BASIC_FILTERDestructive 4/5Tool to clear the basic filter from a sheet. Use when you need to remove an existing basic filter from a specific sheet within a Google Spreadsheet.
-
GOOGLESUPER_CLEAR_CALENDARDestructive 4/5Clears a primary calendar. This operation deletes all events associated with the primary calendar of an account.
-
GOOGLESUPER_CLEAR_TASKSDestructive 4/5Permanently clears all completed tasks from a specified Google Tasks list; this action is destructive and idempotent.
-
GOOGLESUPER_CLEAR_VALUESDestructive 4/5Clears cell content (preserving formatting and notes) from a specified A1 notation range in a Google Spreadsheet; the range must correspond to an existing sheet and cells.
-
GOOGLESUPER_DELETE_COMMENTDestructive 4/5Deletes a comment from a file. Use when you need to remove a specific comment from a Google Drive file.
-
GOOGLESUPER_DELETE_CONTENT_RANGEDestructive 4/5Tool to delete a range of content from a Google Document. Use when you need to remove a specific portion of text or other structural elements within a document.
-
GOOGLESUPER_DELETE_DIMENSIONDestructive 4/5Tool to delete specified rows or columns from a sheet in a Google Spreadsheet. Use when you need to remove a range of rows or columns.
-
GOOGLESUPER_DELETE_DRAFTDestructive 4/5Permanently deletes a specific Gmail draft using its ID; ensure the draft exists and the user has necessary permissions for the given `user_id`.
-
GOOGLESUPER_DELETE_DRIVEDestructive 4/5Tool to permanently delete a shared drive. Use when you need to remove a shared drive and its contents (if specified).
-
GOOGLESUPER_DELETE_EVENTDestructive 4/5Deletes a specified event by `event_id` from a Google Calendar (`calendar_id`); this action is idempotent and raises a 404 error if the event is not found.
-
GOOGLESUPER_DELETE_FOOTERDestructive 4/5Tool to delete a footer from a Google Document. Use when you need to remove a footer from a specific section or the default footer.
-
GOOGLESUPER_DELETE_HEADERDestructive 4/5Deletes the header from the specified section or the default header if no section is specified. Use this tool to remove a header from a Google Document.
-
GOOGLESUPER_DELETE_MESSAGEDestructive 4/5Permanently deletes a specific email message by its ID from a Gmail mailbox; for `user_id`, use 'me' for the authenticated user or an email address to which the authenticated us...
-
GOOGLESUPER_DELETE_NAMED_RANGEDestructive 4/5Tool to delete a named range from a Google Document. Use when you need to remove a previously defined named range by its ID or name.
-
GOOGLESUPER_DELETE_PARAGRAPH_BULLETSDestructive 4/5Tool to remove bullets from paragraphs within a specified range in a Google Document. Use when you need to clear bullet formatting from a section of a document.
-
GOOGLESUPER_DELETE_PERMISSIONDestructive 4/5Deletes a permission from a file by permission ID. Use when you need to revoke access for a specific user or group from a file.
-
GOOGLESUPER_DELETE_REPLYDestructive 4/5Tool to delete a specific reply by reply ID. Use when you need to remove a reply from a comment on a file.
-
GOOGLESUPER_DELETE_SHEETDestructive 4/5Tool to delete a sheet (worksheet) from a spreadsheet. Use when you need to remove a specific sheet from a Google Sheet document.
-
GOOGLESUPER_DELETE_TABLEDestructive 5/5Tool to delete an entire table from a Google Document. Use when you have the document ID and the specific start and end index of the table element to be removed. The table's ran...
-
GOOGLESUPER_DELETE_TABLE_COLUMNDestructive 4/5Tool to delete a column from a table in a Google Document. Use this tool when you need to remove a specific column from an existing table within a document.
-
GOOGLESUPER_DELETE_TABLE_ROWDestructive 4/5Tool to delete a row from a table in a Google Document. Use when you need to remove a specific row from an existing table.
-
GOOGLESUPER_DELETE_TASKDestructive 4/5Deletes a specified task from a given task list in Google Tasks.
-
GOOGLESUPER_DELETE_TASK_LISTDestructive 4/5Permanently deletes an existing Google Task list, identified by `tasklist_id`, along with all its tasks; this operation is irreversible.
-
GOOGLESUPER_EMPTY_TRASHDestructive 5/5Tool to permanently delete all of the user's trashed files. Use when you want to empty the trash in Google Drive. This action allows you to permanently remove all files that are...
-
GOOGLESUPER_GOOGLE_DRIVE_DELETE_FOLDER_OR_FILE_ACTIONDestructive 4/5Tool to delete a file or folder in Google Drive. Use when you need to permanently remove a specific file or folder using its ID. Note: This action is irreversible.
-
GOOGLESUPER_HIDE_DRIVEDestructive 4/5Tool to hide a shared drive from the default view. Use when you want to remove a shared drive from the user's main Google Drive interface without deleting it.
-
GOOGLESUPER_REMOVE_ATTENDEEDestructive 4/5Removes an attendee from a specified event in a Google Calendar; the calendar and event must exist.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Google Super
Enforce policy on Google Super
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init