Critical-risk tools in Spaceship
5 of the 48 tools in Spaceship are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_dns_recordsDestructiveDelete specific DNS records from a domain by name and type. Only records matching both the name AND type will be removed. Other records are not affected.
-
delete_personal_nameserverDestructiveDelete a personal nameserver host from a domain. This removes the glue record at the registry.
-
delete_sellerhub_domainDestructiveRemove a domain from the SellerHub marketplace. This deletes the listing permanently — any existing checkout links will stop working.
-
set_transfer_lockFinancialEnable or disable transfer lock for a domain.
-
transfer_domainFinancialTransfer a domain TO Spaceship from another registrar. WARNING: This is a FINANCIAL operation that will charge money to the Spaceship account (transfers typically include a 1-ye...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.