Critical-risk tools in 0nmcp
57 of the 407 tools in 0nmcp are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- crm_bulk_delete_social_posts (Destructive): Bulk delete multiple social media posts at once.
- crm_cancel_scheduled_message (Destructive): Cancel a previously scheduled message.
- crm_delete_agent (Destructive): Delete an Agent Studio agent and all its versions.
- crm_delete_association (Destructive): Delete an association.
- crm_delete_blocked_slot (Destructive): Delete a blocked time slot from the CRM by its ID.
- crm_delete_blog_author (Destructive): Delete a blog author by ID.
- crm_delete_blog_category (Destructive): Delete a blog category by ID.
- crm_delete_blog_post (Destructive): Delete a blog post by ID.
- crm_delete_business (Destructive): Permanently delete a business entry by ID.
- crm_delete_calendar (Destructive): Delete a calendar from the CRM by its ID.
- crm_delete_calendar_group (Destructive): Delete a calendar group from the CRM by its ID.
- crm_delete_calendar_resource (Destructive): Delete a calendar resource from the CRM by its ID.
- crm_delete_contact (Destructive): Delete a contact by ID.
- crm_delete_contact_note (Destructive): Delete a note from a contact.
- crm_delete_contact_task (Destructive): Delete a task from a contact.
- crm_delete_conversation (Destructive): Delete a conversation by its ID.
- crm_delete_coupon (Destructive): Delete a coupon by ID.
- crm_delete_custom_field (Destructive): Delete a custom field from a location.
- crm_delete_custom_value (Destructive): Delete a custom value from a location.
- crm_delete_email (Destructive): Delete an email by its ID.
- crm_delete_event (Destructive): Delete a calendar event from the CRM by its ID.
- crm_delete_invoice (Destructive): Delete an invoice by ID.
- crm_delete_invoice_schedule (Destructive): Delete an invoice schedule by ID.
- crm_delete_invoice_template (Destructive): Delete an invoice template by ID.
- crm_delete_knowledge_base (Destructive): Delete a knowledge base and all its sources/content.
- crm_delete_location_tag (Destructive): Delete a tag from a location.
- crm_delete_media_file (Destructive): Delete a media file from the CRM file library.
- crm_delete_object_record (Destructive): Permanently delete a custom object record by schema key and record ID.
- crm_delete_opportunity (Destructive): Permanently delete an opportunity by its ID.
- crm_delete_pipeline (Destructive): Permanently delete a pipeline and all its stages.
- crm_delete_price (Destructive): Delete a price from a product.
- crm_delete_product (Destructive): Delete a product by its ID.
- crm_delete_redirect (Destructive): Delete a redirect by ID.
- crm_delete_relation (Destructive): Delete a relation.
- crm_delete_social_account (Destructive): Delete a connected social media account.
- crm_delete_social_category (Destructive): Delete a social media post category.
- crm_delete_social_post (Destructive): Delete a social media post by ID.
- crm_delete_template (Destructive): Delete a template from a location.
- crm_delete_trigger_link (Destructive): Delete a trigger link by its ID.
- crm_delete_user (Destructive): Permanently delete a CRM user by ID.
- crm_delete_voice_action (Destructive): Delete a Voice AI action.
- crm_delete_voice_agent (Destructive): Delete a Voice AI agent.
- crm_marketplace_uninstall (Destructive): Uninstall a marketplace app from a location.
- crm_media_bulk_delete (Destructive): Bulk delete or trash multiple files and folders.
- crm_media_delete (Destructive): Delete a file or folder from the CRM media library.
- crm_release_phone_number (Destructive): Release (cancel) a phone number from a location.
- crm_remove_contact_followers (Destructive): Remove followers (users) from a contact.
- crm_remove_contact_from_workflow (Destructive): Remove a contact from an automation workflow.
- crm_remove_contact_tags (Destructive): Remove one or more tags from a contact.
- crm_remove_opportunity_follower (Destructive): Remove a single follower from an opportunity.
- vault_container_revoke (Destructive): Revoke a vault container transfer ID. Once revoked, the transfer ID cannot be used again. Example: vault_container_revoke({ transferId:
- crm_create_payment_config (Financial): Configure payment processing (Stripe) for a CRM location. This wires Stripe into the location so it can accept payments natively.
- crm_create_payment_integration (Financial): Create a new whitelabel payment integration.
- crm_marketplace_charge (Financial): Charge a location for an add-on or service through the CRM marketplace billing. The CRM handles payment collection from the sub-account owner.
- crm_marketplace_delete_charge (Financial): Delete/cancel a specific marketplace charge.
- crm_send_invoice (Financial): Send an invoice to the recipient via email or SMS.
- vault_container_transfer (Financial): Register a vault container transfer and get a transfer ID. Transfer IDs are unique and cannot be reused (replay prevention). Example: vault_container_transfer({ file:
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.