Critical-risk tools in MikroTik Cursor MCP
60 of the 452 tools in MikroTik Cursor MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
mikrotik_clear_address_listDestructiveRemoves all entries from a specific address list (⚠️ destructive!)
-
mikrotik_clear_logsDestructiveClears all logs from MikroTik device
-
mikrotik_delete_custom_chainDestructiveDelete a custom chain and all its rules (⚠️ destructive!)
-
mikrotik_remove_address_list_entryDestructiveRemoves an entry from a firewall address list
-
mikrotik_remove_bonding_interfaceDestructiveRemove bonding interface
-
mikrotik_remove_bridge_portDestructiveRemoves an interface from its bridge
-
mikrotik_remove_bridge_vlanDestructiveRemoves VLAN configuration from a bridge
-
mikrotik_remove_capsman_configurationDestructiveRemoves a CAPsMAN configuration profile
-
mikrotik_remove_capsman_datapathDestructiveRemoves a CAPsMAN datapath configuration
-
mikrotik_remove_capsman_provisioning_ruleDestructiveRemoves a CAPsMAN provisioning rule
-
mikrotik_remove_certificateDestructiveRemoves a certificate from the device
-
mikrotik_remove_containerDestructiveRemoves a container
-
mikrotik_remove_container_envDestructiveRemoves container environment
-
mikrotik_remove_container_mountDestructiveRemoves container mount
-
mikrotik_remove_container_vethDestructiveRemoves container veth interface
-
mikrotik_remove_dhcp_serverDestructiveRemoves a DHCP server from MikroTik device
-
mikrotik_remove_dhcpv6_clientDestructiveRemoves a DHCPv6 client
-
mikrotik_remove_dhcpv6_leaseDestructiveRemoves a DHCPv6 lease
-
mikrotik_remove_dhcpv6_optionDestructiveRemoves a DHCPv6 option
-
mikrotik_remove_dhcpv6_serverDestructiveRemoves a DHCPv6 server
-
mikrotik_remove_dns_staticDestructiveRemoves a static DNS entry
-
mikrotik_remove_eoip_tunnelDestructiveRemove EoIP tunnel
-
mikrotik_remove_fileDestructiveRemoves a file from MikroTik device
-
mikrotik_remove_filter_ruleDestructiveRemoves a firewall filter rule from MikroTik device
-
mikrotik_remove_gre_tunnelDestructiveRemove GRE tunnel
-
mikrotik_remove_hotspot_serverDestructiveRemove hotspot server
-
mikrotik_remove_ip_addressDestructiveRemoves an IP address from MikroTik device
-
mikrotik_remove_ip_poolDestructiveRemoves an IP pool from MikroTik device
-
mikrotik_remove_ipv6_addressDestructiveRemoves an IPv6 address
-
mikrotik_remove_ipv6_address_list_entryDestructiveRemoves IPv6 address list entry
-
mikrotik_remove_ipv6_filter_ruleDestructiveRemoves an IPv6 firewall filter rule
-
mikrotik_remove_ipv6_mangle_ruleDestructiveRemoves an IPv6 mangle rule
-
mikrotik_remove_ipv6_nat_ruleDestructiveRemoves an IPv6 NAT rule
-
mikrotik_remove_ipv6_poolDestructiveRemoves an IPv6 pool
-
mikrotik_remove_ipv6_routeDestructiveRemoves an IPv6 route
-
mikrotik_remove_layer7_protocolDestructiveRemove Layer 7 protocol matcher
-
mikrotik_remove_mangle_ruleDestructiveRemove firewall mangle rule
-
mikrotik_remove_nat_ruleDestructiveRemoves a NAT rule from MikroTik device
-
mikrotik_remove_openvpn_interfaceDestructiveRemoves an OpenVPN interface
-
mikrotik_remove_pcq_queueDestructiveRemoves a PCQ queue type
-
mikrotik_remove_pppoe_clientDestructiveRemove PPPoE client interface
-
mikrotik_remove_queue_treeDestructiveRemoves a queue tree entry
-
mikrotik_remove_raw_ruleDestructiveRemove firewall RAW rule
-
mikrotik_remove_routeDestructiveRemoves a route from MikroTik routing table
-
mikrotik_remove_scheduled_taskDestructiveRemoves a scheduled task
-
mikrotik_remove_simple_queueDestructiveRemoves a simple queue
-
mikrotik_remove_userDestructiveRemoves a user from MikroTik device
-
mikrotik_remove_user_groupDestructiveRemoves a user group from MikroTik device
-
mikrotik_remove_user_ssh_keyDestructiveRemoves an SSH key
-
mikrotik_remove_vlan_interfaceDestructiveRemoves a VLAN interface from MikroTik device
-
mikrotik_remove_vrrp_interfaceDestructiveRemove VRRP interface
-
mikrotik_remove_wireguard_interfaceDestructiveRemoves a WireGuard interface
-
mikrotik_remove_wireguard_peerDestructiveRemoves a WireGuard peer
-
mikrotik_remove_wireless_access_list_entryDestructiveRemoves a wireless access list entry (legacy systems only)
-
mikrotik_remove_wireless_interfaceDestructiveRemoves a wireless interface from MikroTik device
-
mikrotik_remove_wireless_security_profileDestructiveRemoves a wireless security profile (legacy systems only)
-
mikrotik_reset_watchdog_ping_targetDestructiveRemoves the ping target from watchdog monitoring
-
mikrotik_restore_backupDestructiveRestores a system backup on MikroTik device
-
mikrotik_revoke_certificateDestructiveRevokes a certificate (marks as not trusted)
-
mikrotik_uninstall_packageDestructiveUninstalls a package (⚠️ requires reboot)
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.