Critical-risk tools in CloudStack MCP Server
77 of the 442 tools in CloudStack MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_host_maintenanceDestructiveCancel host maintenance mode
-
delete_accountDestructiveDelete a CloudStack account
-
delete_account_from_projectDestructiveRemove an account from a project
-
delete_alertsDestructiveDelete system alerts
-
delete_application_load_balancerDestructiveDelete application load balancer
-
delete_bgp_peerDestructiveDelete BGP peer
-
delete_customer_gatewayDestructiveDelete a customer gateway
-
delete_dhcp_optionDestructiveDelete a DHCP option
-
delete_disk_offeringDestructiveDelete disk offering
-
delete_domainDestructiveDelete a domain
-
delete_egress_firewall_ruleDestructiveDelete an egress firewall rule
-
delete_firewall_ruleDestructiveDelete firewall rule
-
delete_global_load_balancerDestructiveDelete global load balancer rule
-
delete_hostDestructiveDelete hypervisor host
-
delete_image_storeDestructiveDelete an image store backend
-
delete_ip_forwarding_ruleDestructiveDelete an IP forwarding rule
-
delete_ipv4_subnet_for_guest_networkDestructiveDelete IPv4 subnet for guest network
-
delete_ipv4_subnet_for_zoneDestructiveDelete IPv4 subnet for zone
-
delete_ipv6_firewall_ruleDestructiveDelete IPv6 firewall rule
-
delete_isoDestructiveDelete an ISO
-
delete_kubernetes_clusterDestructiveDelete an existing Kubernetes cluster
-
delete_kubernetes_supported_versionDestructiveRemove a previously added Kubernetes version
-
delete_lb_health_check_policyDestructiveDelete load balancer health check policy
-
delete_lb_stickiness_policyDestructiveDelete load balancer stickiness policy
-
delete_load_balancer_ruleDestructiveDelete a load balancer rule
-
delete_networkDestructiveDelete a network
-
delete_network_aclDestructiveDelete network ACL rule
-
delete_network_acl_listDestructiveDelete a Network ACL list
-
delete_network_deviceDestructiveDelete a network device
-
delete_network_offeringDestructiveDelete a network offering
-
delete_network_service_providerDestructiveDelete a network service provider
-
delete_physical_networkDestructiveDelete a physical network
-
delete_podDestructiveDelete a pod
-
delete_port_forwarding_ruleDestructiveDelete port forwarding rule
-
delete_private_gatewayDestructiveDelete a private gateway
-
delete_projectDestructiveDelete a project and its resources
-
delete_remote_access_vpnDestructiveDelete Remote Access VPN
-
delete_roleDestructiveDelete a role
-
delete_routing_firewall_ruleDestructiveDelete IPv4 routing firewall rule
-
delete_security_groupDestructiveDelete a security group
-
delete_service_offeringDestructiveDelete a service offering in CloudStack
-
delete_snapshotDestructiveDelete a volume snapshot
-
delete_snapshot_policiesDestructiveDelete snapshot policies
-
delete_ssl_certDestructiveDelete SSL certificate
-
delete_static_routeDestructiveDelete a static route
-
delete_storage_poolDestructiveDelete a storage pool
-
delete_tagsDestructiveDelete tags from resources
-
delete_templateDestructiveDelete a template
-
delete_traffic_typeDestructiveDelete a traffic type from a physical network
-
delete_userDestructiveDelete a user
-
delete_vlan_ip_rangeDestructiveDelete a VLAN IP range
-
delete_vm_scheduleDestructiveDelete virtual machine schedule
-
delete_vm_snapshotDestructiveDelete virtual machine snapshot
-
delete_volumeDestructiveDelete a volume
-
delete_vpcDestructiveDelete a Virtual Private Cloud
-
delete_vpc_offeringDestructiveDelete a VPC offering
-
delete_vpn_connectionDestructiveDelete a VPN connection
-
delete_vpn_customer_gatewayDestructiveDelete a VPN customer gateway
-
delete_vpn_gatewayDestructiveDelete a VPN gateway
-
delete_zoneDestructiveDelete a zone/data center
-
destroy_routerDestructiveDestroy a virtual router
-
destroy_system_vmDestructiveDestroy system virtual machine
-
destroy_virtual_machineDestructiveDestroy (delete) a virtual machine
-
expunge_virtual_machineDestructivePermanently delete a virtual machine
-
release_bgp_peerDestructiveRelease dedicated BGP peer
-
release_ipv4_subnet_for_zoneDestructiveRelease dedicated IPv4 subnet for zone
-
release_public_ip_rangeDestructiveRelease a dedicated public IP range
-
remove_guest_os_mappingDestructiveRemove guest OS mapping
-
remove_nic_from_virtual_machineDestructiveRemove a NIC from a virtual machine
-
remove_nic_from_vmDestructiveRemove network interface from virtual machine
-
remove_resource_detailDestructiveRemove resource detail from virtual machine
-
remove_vms_from_kubernetes_clusterDestructiveRemove virtual machines from a Kubernetes cluster
-
remove_vmware_dcDestructiveRemove VMware datacenter
-
remove_vpn_userDestructiveRemove VPN user
-
revoke_certificateDestructiveRevoke an SSL certificate
-
revoke_security_group_egressDestructiveRemove egress rule from security group
-
revoke_security_group_ingressDestructiveRemove ingress rule from security group
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.