Critical-risk tools in Storyblok MCP Server
27 of the 159 tools in Storyblok MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulk_delete_storiesDestructiveDeletes multiple stories in Storyblok.
-
delete_access_tokenDestructiveDelete an access token from the current Storyblok space using the Management API.
-
delete_approvalDestructiveDeletes an approval from a specified Storyblok space.
-
delete_assetDestructiveDeletes an asset from Storyblok.
-
delete_asset_folderDestructiveDelete an asset folder from the current Storyblok space.
-
delete_branchDestructiveDeletes a branch (pipeline) by its ID in a Storyblok space.
-
delete_collaboratorDestructiveDeletes a collaborator from a specified Storyblok space.
-
delete_commentDestructiveDeletes a comment from a discussion via the Storyblok Management API.
-
delete_componentDestructiveDeletes a component by ID.
-
delete_component_folderDestructiveDeletes a component folder (component group) by its ID.
-
delete_datasourceDestructiveDeletes a datasource from a specified Storyblok space.
-
delete_datasource_entryDestructiveDeletes a datasource entry from a specified Storyblok space using the Management API.
-
delete_extensionDestructiveDeletes an existing extension in the specified context (organization or partner).
-
delete_field_pluginDestructiveDeletes a field plugin by its ID.
-
delete_internal_tagDestructiveDeletes an internal tag (asset/component) in a specified Storyblok space.
-
delete_multiple_assetsDestructiveDeletes multiple assets by numeric IDs using the Storyblok Management API.
-
delete_presetDestructiveDeletes a preset from a Storyblok space using the Management API.
-
delete_releaseDestructiveDeletes a release.
-
delete_spaceDestructivePermanently deletes a Storyblok space using the Management API.
-
delete_space_roleDestructiveDeletes a space role using the Storyblok Management API.
-
delete_storyDestructiveDeletes a story by ID.
-
delete_story_scheduleDestructiveDeletes a story schedule entry via the Storyblok Management API.
-
delete_tagDestructiveDeletes a tag from Storyblok.
-
delete_taskDestructiveDeletes an existing task in a specified Storyblok space using the Management API.
-
delete_webhookDestructiveDeletes an existing webhook endpoint in a specified Storyblok space.
-
delete_workflowDestructiveDeletes a workflow by its ID in a Storyblok space via the Management API.
-
delete_workflow_stageDestructiveDeletes a workflow stage in a Storyblok space via the Management API.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.