Critical-risk tools in Mcp Wikijs Mv
11 of the 64 tools in Mcp Wikijs Mv are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
wiki_apikey_revokeDestructiveRevoke a Wiki.js API key by id.
-
wiki_asset_deleteDestructiveDelete an asset (file) by id.
-
wiki_assets_flush_tempDestructiveFlush temporary/abandoned uploads.
-
wiki_comment_deleteDestructiveDelete a comment by id.
-
wiki_group_deleteDestructiveDelete a group by id.
-
wiki_page_deleteDestructivePermanently delete a single page, identified by id OR path+locale.
-
wiki_pages_delete_batchDestructiveDelete multiple pages by ids, by paths, and/or by a wildcard path pattern (e.g.
-
wiki_pages_delete_treeDestructiveDelete a page subtree under rootPath. mode:
-
wiki_pages_purge_historyDestructivePurge page version history older than a duration (e.g.
-
wiki_tag_deleteDestructiveDelete a tag by id.
-
wiki_user_deleteDestructiveDelete a user. Content owned by the user is reassigned to replaceId.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.