Critical-risk tools in Tienda Nube MCP Server
13 of the 121 tools in Tienda Nube MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
tiendanube_clear_cartDestructiveCLEAR CART - Remove all items from the cart.
-
tiendanube_delete_business_ruleDestructiveDelete a business rule
-
tiendanube_delete_categoryDestructive🗑️ DELETE CATEGORY - Permanently remove a product category from the store catalog. ⚠️ WARNING: Products in this category will be automatically moved to the parent category or b...
-
tiendanube_delete_couponDestructive🗑️ DELETE COUPON - Permanently remove a discount coupon from the store. ⚠️ WARNING: This action is irreversible and will immediately invalidate the coupon for all customers, in...
-
tiendanube_delete_draft_orderDestructiveDELETE DRAFT ORDER - Delete a specific draft order.
-
tiendanube_delete_fulfillment_orderDestructiveDelete a fulfillment order (cancels the fulfillment)
-
tiendanube_delete_metafieldDestructiveDELETE METAFIELD - Delete a metafield by ID.
-
tiendanube_delete_product_custom_fieldDestructiveDelete a product custom field (only custom fields created by current app)
-
tiendanube_delete_product_variant_custom_fieldDestructiveDelete a product variant custom field (only custom fields created by current app)
-
tiendanube_delete_script_tagDestructiveDELETE SCRIPT TAG - Remove a script tag.
-
tiendanube_remove_cart_itemDestructiveREMOVE CART ITEM - Remove an item from the cart by item_id or variant_id (we
-
tiendanube_create_transactionFinancialCreate a new transaction for an order. Used by payment providers to register payment attempts.
-
tiendanube_create_transaction_eventFinancialCreate a new event for an existing transaction (capture, refund, void, etc.)
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.