Critical-risk tools in Todoist MCP Server
5 of the 32 tools in Todoist MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_commentDestructivePermanently delete a comment by its unique identifier. This action will remove the comment from its associated task or project. This operation cannot be undone, so use with caut...
-
delete_labelDestructivePERMANENTLY delete a personal label by its ID. WARNING: This action is IRREVERSIBLE and will automatically remove the label from all associated tasks. Use with caution as delete...
-
delete_projectDestructivePermanently delete a Todoist project by its unique identifier. This action will remove the project and all associated tasks, sections, and comments. This operation cannot be und...
-
delete_sectionDestructivePermanently delete a Todoist section by its unique identifier. This action will remove the section and move any tasks in this section to the project
-
delete_taskDestructivePermanently delete a Todoist task by its unique identifier. This action will remove the task and all associated comments and attachments. If the task has subtasks, they will als...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.