Critical-risk tools in QR for Agent
5 of the 37 tools in QR for Agent are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
bulk_delete_qr_codesDestructiveDelete multiple QR codes and their scan analytics in a single request (up to 50). Items with non-existent short_id are reported as not_found without failing the whole batch.
-
delete_qr_codeDestructivePermanently delete a QR code and all its scan analytics. The short URL will stop working immediately. This cannot be undone.
-
delete_webhookDestructiveDelete a webhook endpoint and all its delivery logs. The endpoint will stop receiving events immediately.
-
manage_billingFinancialOpen the Stripe billing portal to manage your subscription, update payment method, or cancel. Returns a portal URL — tell the user to open it in their browser. Only works if you...
-
upgrade_to_proFinancialUpgrade to the Pro plan ($19/month) for unlimited QR codes, scans, and webhooks. Returns a Stripe Checkout URL — tell the user to open it in their browser to complete payment. T...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.