Critical-risk tools in MCP Email Service

Critical severity MCP Email Service MCP Server 4 of 16 tools

4 of the 16 tools in MCP Email Service are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

email_delete Destructive

DESTRUCTIVE. Defaults to dry-run; pass confirm=true to delete. By default moves to Trash; permanent=true expunges.
email_flag Destructive

DESTRUCTIVE. Defaults to dry-run; pass confirm=true to apply.
cleanup Destructive

Rule-based classifier into protected_finance/protected_travel/security/support_case (never deleted) vs marketing/routine_notification (cleanup candidates) vs unknown. Returns a ...
email_move Destructive

DESTRUCTIVE. Defaults to dry-run; pass confirm=true to apply.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in MCP Email Service

Tools at critical risk

Attacks that target this class

More on MCP Email Service

Enforce policy on every MCP Email Service tool call.