Critical-risk tools in Yaver
46 of the 1060 tools in Yaver are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
acl_remove_peerDestructiveDisconnect from an MCP peer.
-
cancel_scheduleDestructiveCancel/remove a scheduled task by ID.
-
cargo_remove_crateDestructiveRemove a Rust dependency.
-
cloud_destroyDestructiveTear down Yaver Cloud deployment (exports data first).
-
companion_downDestructiveDisarm a companion project: remove its scheduled crons and stop/remove its durable service units.
-
db_resetDestructiveDrop all tables, re-migrate, and re-seed. Requires force=true.
-
dns_flushDestructiveRemove all yaver-managed DNS entries and flush DNS cache.
-
dns_removeDestructiveDelete a DNS record by id (Cloudflare only — returns a manual removal hint otherwise). Owner-only.
-
docker_rmDestructiveRemove a container.
-
docker_rmiDestructiveRemove an image.
-
feedback_deleteDestructiveRemove a feedback report. Destructive.
-
forgot_passwordDestructiveSend a password reset email to an email-authenticated Yaver user. The reset link expires in 1 hour. Rate-limited to 5 requests per email per day.
-
form_deleteDestructiveDelete a form and its submission log.
-
git_stashDestructiveManage git stashes (list, save, pop, apply, drop).
-
guest_revokeDestructiveRevoke guest access for an email address. Removes both pending invitations and active access.
-
jobs_cancelDestructiveDrop a pending queue job.
-
machine_onboarding_removeDestructiveRemove GitHub/GitLab onboarding from the local machine or from one or more owned Yaver machines. Can remove clone credentials, CI/deploy vault tokens, or both.
-
machine_removeDestructivePermanently remove Yaver from this owned host machine: unregister the device, remove auto-start service, wipe ~/.yaver, then shut the agent down. Requires confirm=true and phras...
-
mail_dev_clearDestructiveDelete all caught emails.
-
mock_resetDestructiveClear all mock routes and recordings.
-
models_removeDestructiveRemove an Ollama model to free disk space.
-
newsletter_sendDestructiveBroadcast a newsletter campaign to all confirmed subscribers via the SMTP relay. This is irreversible.
-
opsDestructiveRun one verb on one machine. Single API for every Yaver capability (info, run, build, test, deploy, push, reload, logs, status, env, session, scale, provision, destroy, ...). Di...
-
phone_project_deleteDestructiveDelete a phone project (removes the SQLite file and manifest).
-
pipeline_cancel_cloudDestructiveCancel running GitHub Actions or GitLab CI for the current commit to save cloud CI costs.
-
platform_removeDestructiveRemove a deployed app.
-
proxy_removeDestructiveRemove a reverse proxy route.
-
relay_clear_passwordDestructiveRemove the default relay server password.
-
remote_destroyDestructiveDestroy a remote VPS.
-
remove_relay_serverDestructiveRemove a relay server by ID.
-
routine_deleteDestructivePermanently remove a routine. In-flight verb dispatches already issued will still complete; future fires are cancelled.
-
runner_auth_browser_cancelDestructiveCancel a running runner browser-auth session on the local or a remote machine.
-
screenlog_killDestructivePANIC STOP for the screen black box: stops the live session, disarms reboot auto-resume, AND flips the master kill-switch so nothing (local/remote/mesh/autostart) can record aga...
-
services_removeDestructiveRemove a service from the local stack.
-
shared_storage_deleteDestructiveDelete a shared storage profile.
-
short_deleteDestructiveDelete a short URL.
-
sourcemaps_deleteDestructiveRemove the source map for a specific app + version tuple. Destructive.
-
tunnel_removeDestructiveRemove a Cloudflare Tunnel by ID or URL.
-
ufwDestructiveManage UFW firewall (status, allow, deny, delete).
-
waitlist_deleteDestructiveRemove a waitlist entry by email.
-
yaver_ask_userDestructiveAsk the human running this Yaver task a single structured question (Claude-Code-style: short 'header' chip + 2-4 'choices', optional multi-select, free-text 'Other' is always of...
-
yaver_auth_factory_resetDestructiveReset local Yaver auth state on this machine, then restart sign-in from the canonical hosted backend. Useful when browser OAuth succeeded but the local agent kept validating aga...
-
yaver_auth_logoutDestructiveClear the saved Yaver auth token from ~/.yaver/config.json on this machine. Daemon is left running — call agent_shutdown separately if you want to stop it.
-
yaver_auth_unlinkDestructiveRemove an OAuth provider from the currently signed-in account. Refuses if it is the ONLY sign-in method (would lock the user out). If the unlinked provider was the primary one, ...
-
yaver_clear_logsDestructiveClear the agent log file.
-
session_transferFinancialTransfer an AI agent session from THIS machine to another device in one step. The session (conversation history, agent state, optionally workspace) is packaged, sent to the targ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.