Critical-risk tools in GoHighLevel MCP Server
40 of the 255 tools in GoHighLevel MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulk_delete_social_postsDestructiveDelete multiple social media posts at once (max 50)
-
cancel_scheduled_emailDestructiveCancel a scheduled email before it is sent
-
cancel_scheduled_messageDestructiveCancel a scheduled message before it is sent
-
delete_appointmentDestructiveCancel/delete an appointment from GoHighLevel
-
delete_appointment_noteDestructiveDelete an appointment note
-
delete_calendarDestructiveDelete a calendar from GoHighLevel
-
delete_calendar_groupDestructiveDelete a calendar group
-
delete_calendar_notificationDestructiveDelete calendar notification
-
delete_calendar_resource_equipmentDestructiveDelete an equipment resource
-
delete_calendar_resource_roomDestructiveDelete a room resource
-
delete_contactDestructiveDelete a contact from GoHighLevel
-
delete_contact_noteDestructiveDelete a note for a contact
-
delete_contact_taskDestructiveDelete a task for a contact
-
delete_conversationDestructiveDelete a conversation permanently
-
delete_couponDestructiveDelete a coupon permanently
-
delete_custom_provider_integrationDestructiveDelete an existing custom payment provider integration
-
delete_email_templateDestructiveDelete an email template from GoHighLevel.
-
delete_invoice_templateDestructiveDelete an invoice template
-
delete_locationDestructiveDelete a sub-account/location from GoHighLevel
-
delete_location_custom_fieldDestructiveDelete a custom field from a location
-
delete_location_custom_valueDestructiveDelete a custom value from a location
-
delete_location_tagDestructiveDelete a location tag
-
delete_location_templateDestructiveDelete a template from a location
-
delete_media_fileDestructiveDelete a specific file or folder from the media library
-
delete_object_recordDestructiveDelete a record from a custom or standard object
-
delete_opportunityDestructiveDelete an opportunity from GoHighLevel CRM
-
delete_social_accountDestructiveDelete a social media account connection
-
delete_social_postDestructiveDelete a social media post
-
ghl_delete_associationDestructiveDelete a user-defined association. This will also delete all relations created with this association.
-
ghl_delete_custom_fieldDestructiveDelete a custom field by ID. This will permanently remove the field and its data.
-
ghl_delete_custom_field_folderDestructiveDelete a custom field folder. This will also affect any fields within the folder.
-
ghl_delete_productDestructiveDelete a product by ID
-
ghl_delete_relationDestructiveDelete a specific relation between two entities.
-
ghl_delete_shipping_carrierDestructiveDelete a shipping carrier
-
ghl_delete_shipping_rateDestructiveDelete a shipping rate
-
ghl_delete_shipping_zoneDestructiveDelete a shipping zone and all its associated shipping rates
-
remove_contact_from_all_campaignsDestructiveRemove contact from all campaigns
-
remove_contact_from_campaignDestructiveRemove contact from a specific campaign
-
remove_contact_from_workflowDestructiveRemove contact from a workflow
-
send_invoiceFinancialSend an invoice to customer
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.