Critical-risk tools in Mcp Windows
24 of the 441 tools in Mcp Windows are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
clean_empty_directoriesDestructiveRemove empty directories recursively
-
drop_eventDestructiveDrop a scheduled event.
-
drop_partitionDestructiveDrop a partition from a table.
-
drop_roleDestructiveDrop a role (MySQL 8.0+).
-
drop_stored_functionDestructiveDrop a stored function.
-
drop_stored_procedureDestructiveDrop a stored procedure.
-
event_log_clearDestructiveClear a Windows Event Log (requires admin privileges)
-
mysql_delete_dataDestructiveDelete data from a table.
-
mysql_drop_databaseDestructiveDrop a MySQL database (USE WITH CAUTION!).
-
mysql_drop_foreign_keyDestructiveDrop a foreign key constraint from a table.
-
mysql_drop_indexDestructiveDrop an index from a table.
-
mysql_drop_primary_keyDestructiveDrop the primary key from a table.
-
mysql_drop_tableDestructiveDrop a table from the database.
-
mysql_drop_userDestructiveDrop a MySQL user.
-
mysql_drop_viewDestructiveDrop a view from the database.
-
mysql_reset_query_cacheDestructiveReset (clear) the query cache.
-
mysql_revoke_privilegesDestructivemysql_revoke_privileges
-
mysql_truncate_tableDestructiveTruncate a table (remove all rows quickly).
-
revoke_role_from_userDestructiveRevoke a role from a user (MySQL 8.0+).
-
spotify_delete_downloaded_contentDestructiveClear downloaded tracks
-
spotify_remove_track_from_libraryDestructiveRemove the current track from liked songs
-
wifi_delete_profileDestructiveDelete a saved WiFi profile
-
clean_temp_filesDestructiveClean temporary files from system temp directories
-
mysql_alter_table_drop_columnDestructiveDrop a column from an existing table.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.