Critical-risk tools in Local Ydb

Critical severity Local Ydb MCP Server 4 of 34 tools

4 of the 34 tools in Local Ydb are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

local_ydb_cleanup_storage Destructive

Remove explicitly supplied local-ydb storage paths or volumes.
local_ydb_destroy_stack Destructive

Remove tenant metadata, local-ydb containers, network, and storage for a profile, with optional host-path cleanup.
local_ydb_permissions Destructive

List, grant, revoke, set, clear, chown, or toggle inheritance for YDB scheme permissions.
local_ydb_remove_dynamic_nodes Destructive

Remove extra dynamic tenant nodes one at a time and verify each disappears from nodelist.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Critical-risk tools in Local Ydb

Tools at critical risk

Attacks that target this class

More on Local Ydb

Let agents act without letting them run wild.