Critical-risk tools in Kinsta MCP Server
9 of the 76 tools in Kinsta MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
kinsta.backups.deleteDestructiveDelete a backup. This action cannot be undone.
-
kinsta.backups.restoreDestructiveRestore an environment from a backup. This will overwrite the current environment. Returns an operation_id.
-
kinsta.dns.records.deleteDestructiveDelete a DNS record from a domain.
-
kinsta.domains.deleteDestructiveRemove custom domains from an environment.
-
kinsta.environments.deleteDestructiveDelete an environment. This action cannot be undone.
-
kinsta.environments.redirects.updateDestructiveCreate, update, or delete redirect rules for an environment.
-
kinsta.sftp-users.removeDestructiveRemove an additional SFTP/SSH user account from an environment.
-
kinsta.sites.deleteDestructiveDelete a Kinsta site permanently. This action cannot be undone.
-
kinsta.sites.resetDestructiveReset a Kinsta site to a fresh WordPress install. This removes all existing data.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.