Critical-risk tools in Mealie MCP Server
31 of the 243 tools in Mealie MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulk_delete_recipesDestructiveDelete multiple recipes through Mealie's bulk action endpoint.
-
delete_admin_backupDestructiveDelete one admin backup by file name.
-
delete_admin_groupDestructiveDelete one admin-visible group by ID.
-
delete_admin_householdDestructiveDelete one admin-visible household by ID.
-
delete_admin_userDestructiveDelete one admin-visible user by ID.
-
delete_categoryDestructiveDelete a recipe category from Mealie.
-
delete_commentDestructiveDelete one comment by ID.
-
delete_cookbookDestructiveDelete one household cookbook by ID.
-
delete_foodDestructiveDelete a food/ingredient from Mealie.
-
delete_group_labelDestructiveDelete one group label by ID.
-
delete_group_reportDestructiveDelete one group report by ID.
-
delete_household_notificationDestructiveDelete one household event notification by ID.
-
delete_household_webhookDestructiveDelete one household webhook by ID.
-
delete_meal_plan_entryDestructiveDelete a meal plan entry.
-
delete_meal_plan_ruleDestructiveDelete a meal planning rule.
-
delete_recipeDestructiveDelete a recipe from Mealie.
-
delete_recipe_actionDestructiveDelete one household recipe action by ID.
-
delete_recipe_imageDestructiveDelete a recipe image.
-
delete_recipe_timeline_eventDestructiveDelete one recipe timeline event.
-
delete_recipe_toolDestructiveDelete a Mealie recipe tool/utensil.
-
delete_shared_recipe_recordDestructiveDelete one shared recipe record by ID.
-
delete_shopping_itemDestructiveDelete one shopping item.
-
delete_shopping_itemsDestructiveDelete multiple shopping items.
-
delete_shopping_listDestructiveDelete a shopping list.
-
delete_tagDestructiveDelete a recipe tag from Mealie.
-
delete_unitDestructiveDelete a measurement unit from Mealie.
-
delete_user_api_tokenDestructiveDelete one Mealie API token by ID.
-
delete_user_favoriteDestructiveRemove one recipe from a user's favorites.
-
purge_recipe_exportsDestructivePurge recipe export jobs/files.
-
remove_recipe_from_shopping_listDestructiveRemove one recipe's ingredients from a shopping list.
-
restore_admin_backupDestructiveRestore one admin backup by file name.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.