Critical-risk tools in LLM CLI Gateway

Critical severity LLM CLI Gateway MCP Server 3 of 46 tools

3 of the 46 tools in LLM CLI Gateway are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

llm_job_cancel Destructive

Cancel a running gateway async or deferred-sync job by jobId.
session_clear_all Destructive

Delete all gateway session records, optionally scoped to one provider.
session_delete Destructive

Delete a gateway session record by ID (also removes any gateway-owned worktree attached to it).

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in LLM CLI Gateway

Tools at critical risk

Attacks that target this class

More on LLM CLI Gateway

Enforce policy on every LLM CLI Gateway tool call.