Critical-risk tools in Local Falcon MCP Server

Critical severity Local Falcon MCP Server MCP Server 2 of 37 tools

2 of the 37 tools in Local Falcon MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

removeFalconGuardProtection Destructive

Removes protection for one or multiple locations from Falcon Guard entirely. This deletes the Guard monitoring for the specified locations. You must provide either guardKey or p...
reactivateLocalFalconCampaign Financial

Reactivates a campaign that was deactivated due to insufficient credits. Use listLocalFalconCampaignReports to find the campaign_key for the campaign you want to reactivate.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Local Falcon MCP Server

Tools at critical risk

Attacks that target this class

More on Local Falcon MCP Server

Enforce policy on every Local Falcon MCP Server tool call.