Critical-risk tools in Run402
30 of the 171 tools in Run402 are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
admin_archive_projectDestructiveOperator moderation action — archive a single project (sets
-
assets_rmDestructiveDelete a blob from project storage and decrement the project
-
ci_revoke_bindingDestructiveRevoke one CI/OIDC deploy binding. Revocation stops future CI gateway requests, but does not undo already deployed releases or rotate secrets.
-
delete_functionDestructiveDelete a deployed function from a project.
-
delete_mailboxDestructiveDelete the project
-
delete_mailbox_webhookDestructiveDelete a webhook. Idempotent — succeeds even if already deleted.
-
delete_passkeyDestructiveDelete one authenticated-user passkey by id.
-
delete_projectDestructiveImmediately and irreversibly delete a project: the gateway runs the full destructive cascade (drop tenant schema, delete Lambda functions, release subdomains, tombstone mailbox,...
-
delete_secretDestructiveDelete a secret from a project.
-
delete_signerDestructiveSchedule the KMS key for a signer for deletion (7-day AWS minimum window). Refused if the signer has on-chain balance ≥ dust — drain first.
-
delete_subdomainDestructiveRelease a custom subdomain. The URL will stop serving content.
-
delete_versionDestructiveDelete a published app version.
-
drain_signerDestructiveDrain a KMS signer
-
jobs_cancelDestructiveCancel a queued or running managed job.
-
jobs_purgeDestructivePurge all managed job runs for a project, terminating known active runners first.
-
remove_custom_domainDestructiveRelease a custom domain mapping. Traffic to the domain will no longer route to Run402.
-
remove_org_memberDestructiveRemove a member from an org. Requires an active
-
remove_sender_domainDestructiveRemove a project
-
revoke_project_grantDestructiveRevoke a per-project capability grant by id. Params:
-
accept_project_transferFinancialAccept an incoming WALLET transfer (v1.93+). Your wallet must equal the transfer
-
allowance_createFinancialCreate a new local agent allowance (Base Sepolia testnet). Generates a private key and derives the Ethereum address. Saved to ~/.config/run402/allowance.json.
-
contract_callFinancialSubmit a smart-contract write call from a KMS signer. The gateway encodes via viem, signs the digest via AWS KMS, and broadcasts. Idempotent on optional idempotency_key. Cost: c...
-
create_checkoutFinancialCreate a Stripe checkout URL for an organization. Products: balance_topup, tier, email_pack.
-
create_project_grantFinancialIssue a per-project capability grant to a wallet (for agent/CI principals that aren
-
generate_imageFinancialGenerate a PNG image from a text prompt. Costs $0.03 USDC via x402. Aspect ratios: square (1:1), landscape (16:9), portrait (9:16).
-
initiate_project_transferFinancialInitiate a project transfer (owned-org recipient shape v1.96+). Addressed to a WALLET (
-
provision_signerFinancialProvision an AWS KMS-backed Ethereum signer for signing smart-contract write transactions. Private keys never leave KMS. Cost: $0.04/day rental ($1.20/month) plus $0.000005 per ...
-
request_faucetFinancialRequest free testnet USDC from the Run402 faucet (Base Sepolia). Rate limit: 1 per IP per 24h. Returns 0.25 USDC — enough for 2 prototype databases.
-
set_auto_rechargeFinancialEnable or disable automatic email pack repurchase when credits drop below a threshold. Requires a saved Stripe payment method.
-
set_tierFinancialSubscribe, renew, or upgrade tier. Auto-detects action based on allowance state. Returns success or payment details if x402 payment is needed.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.