Critical-risk tools in Whiteboard
8 of the 47 tools in Whiteboard are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
canvas_clearDestructiveSoft-delete all non-deleted elements on the canvas in one snapshot/commit/broadcast. Tombstone semantics identical to delete_element. Returns { clearedCount }. Idempotent: a sec...
-
delete_elementDestructiveSoft-delete an element by setting isDeleted=true (tombstone). The element stays in the LoroList so the delete op propagates across clients; Excalidraw hides it automatically.
-
delete_elementsDestructiveSoft-delete multiple elements in one snapshot/commit/broadcast. All-or-nothing: if any id is missing, nothing is deleted. Duplicates are deduped. Already-deleted ids are idempot...
-
delete_groupDestructiveSoft-delete all non-deleted elements belonging to a groupId in one snapshot/commit/broadcast. Returns { deletedElementIds }. Returns empty array if the group has no live members.
-
library_uninstallDestructiveRemove a previously installed library URL from the session registry.
-
palette_deleteDestructiveDelete keys from the workspace color palette and return the resulting palette.
-
user_library_metadata_deleteDestructiveDelete alias / note / scale keys from a user-level library metadata manifest. Requires the current revision and returns the updated manifest with revision + 1.
-
user_library_removeDestructiveDelete a user-level library by name. No-op if not found.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.