Critical-risk tools in Mittwald MCP Server
22 of the 172 tools in Mittwald MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
mittwald_app_uninstallDestructiveUninstall an app.
-
mittwald_backup_deleteDestructiveDelete a backup
-
mittwald_backup_schedule_deleteDestructiveDelete a backup schedule.
-
mittwald_container_deleteDestructiveDelete a container.
-
mittwald_context_reset_sessionDestructiveReset (clear) all user context parameters in Redis session (session-aware, multi-tenant safe)
-
mittwald_cronjob_deleteDestructiveDelete a cronjob.
-
mittwald_database_mysql_deleteDestructiveDelete a MySQL database.
-
mittwald_database_mysql_user_deleteDestructiveDelete an existing MySQL user.
-
mittwald_domain_virtualhost_deleteDestructiveDelete a domain virtualhost.
-
mittwald_extension_uninstallDestructiveRemove an extension from an organization.
-
mittwald_mail_address_deleteDestructiveDelete a mail address.
-
mittwald_mail_deliverybox_deleteDestructiveDelete a delivery box.
-
mittwald_org_deleteDestructiveDelete an organization. This is a destructive operation and cannot be undone.
-
mittwald_org_membership_revokeDestructiveRevoke a user\
-
mittwald_project_deleteDestructiveDelete a project.
-
mittwald_registry_deleteDestructiveDelete a registry from Mittwald.
-
mittwald_sftp_user_deleteDestructiveDelete an SFTP user.
-
mittwald_ssh_user_deleteDestructiveDelete an SSH user.
-
mittwald_stack_deleteDestructiveDelete a stack.
-
mittwald_user_api_token_revokeDestructiveRevoke an API token.. Permanently disables the specified API token.
-
mittwald_user_ssh_key_deleteDestructiveDelete an SSH key.. Permanently removes the specified SSH key.
-
mittwald_volume_deleteDestructiveDelete a persistent volume. WARNING: This permanently removes stored data.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.