Critical-risk tools in Coolify

Critical severity Coolify MCP Server 11 of 39 tools

11 of the 39 tools in Coolify are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

application Destructive 5/5

Create, update, or delete applications
cloud_tokens Destructive 5/5

Manage cloud provider tokens (CRUD)
database Destructive 5/5

Create or delete databases
database_backups Destructive 5/5

Manage database backup schedules
deployment Destructive 4/5

Manage deployments (get, cancel, list)
env_vars Destructive 5/5

Manage environment variables (CRUD)
environments Destructive 5/5

Manage environments (list, get, create, delete)
github_apps Destructive 5/5

Manage GitHub App integrations (CRUD)
private_keys Destructive 5/5

Manage SSH keys (CRUD)
projects Destructive 5/5

Manage projects (list, get, create, update, delete)
service Destructive 5/5

Create, update, or delete services

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Coolify

Tools at critical risk

Attacks that target this class

More on Coolify

Enforce policy on Coolify