Critical-risk tools in Ontraport MCP Server
9 of the 51 tools in Ontraport MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_contactDestructivePermanently delete a single contact record. This cannot be undone. The contact is removed from all sequences, campaigns, and tags.
-
delete_orderDestructiveDelete a single order record. This removes the future payment schedule (subscription or payment plan). The original transaction remains but no further charges will be made. Use ...
-
cancel_subscriptionFinancialCancel one or more active subscriptions by deleting their order records. This removes the recurring payment schedule and stops all future charges. Associated open orders will no...
-
pay_invoiceFinancialPay an existing unpaid invoice using a card on file. This charges the contact
-
process_transactionFinancialCharge a contact
-
refund_transactionFinancialRefund one or more previously charged transactions. The refund is processed through the original payment gateway. This action cannot be undone.
-
rerun_transactionFinancialRetry a previously declined or failed transaction. The charge is re-attempted against the contact
-
void_transactionFinancialVoid one or more previously charged transactions. Voiding differs from refunding — a void cancels a transaction that hasn
-
write_off_transactionFinancialWrite off one or more unpaid transactions. Use this for transactions that will not be collected (e.g., bad debt).
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.