Critical-risk tools in Mcp Sitecore
24 of the 153 tools in Mcp Sitecore are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
common-remove-archive-itemDestructive 4/5Removes items permanently from the specified archive.
-
common-remove-base-template-by-idDestructive 4/5Removes a base template from a template item by its ID.
-
common-remove-base-template-by-pathDestructive 5/5Removes a base template from a template item by its path.
-
common-remove-item-version-by-idDestructive 4/5Removes a version of a Sitecore item by ID.
-
common-remove-item-version-by-pathDestructive 5/5Removes a version of a Sitecore item by path.
-
common-reset-item-field-by-idDestructive 4/5Resets item fields, specified as either names, fields or template fields by ID.
-
common-reset-item-field-by-pathDestructive 5/5Resets item fields, specified as either names, fields or template fields by path.
-
indexing-remove-search-index-item-by-idDestructive 4/5Removes the item with the specified ID from the search index. Supports wildcard filtering for the index name.
-
indexing-remove-search-index-item-by-pathDestructive 5/5Removes the item with the specified path from the search index. Supports wildcard filtering for the index name.
-
item-service-delete-itemDestructive 4/5Delete a Sitecore item by its ID.
-
presentation-remove-placeholder-setting-by-idDestructive 4/5Removes placeholder setting from the item specified by ID.
-
presentation-remove-placeholder-setting-by-pathDestructive 4/5Removes placeholder setting from the item specified by path.
-
presentation-remove-rendering-by-idDestructive 4/5Removes renderings from an item by owners item ID.
-
presentation-remove-rendering-by-pathDestructive 5/5Removes renderings from an item by owners item path.
-
presentation-remove-rendering-parameter-by-idDestructive 4/5Removes the specified rendering parameter from the rendering placed on the item specified by ID.
-
presentation-remove-rendering-parameter-by-pathDestructive 4/5Removes the specified rendering parameter from the rendering placed on the item specified by path.
-
presentation-reset-layout-by-idDestructive 4/5Resets the layout of an item by Id.
-
presentation-reset-layout-by-pathDestructive 5/5Resets the layout of an item by path.
-
security-clear-item-acl-by-idDestructive 4/5Clears all access rules from a Sitecore item by its ID.
-
security-clear-item-acl-by-pathDestructive 5/5Clears all access rules from a Sitecore item by its path.
-
security-remove-domainDestructive 4/5Removes a Sitecore domain.
-
security-remove-roleDestructive 4/5Removes a Sitecore role.
-
security-remove-role-memberDestructive 4/5Removes members from a Sitecore role.
-
security-remove-userDestructive 4/5Removes the Sitecore user.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Mcp Sitecore
Enforce policy on Mcp Sitecore
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init