Critical-risk tools in RedisNexus
22 of the 169 tools in RedisNexus are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
argocd_appsDestructiveManage ArgoCD applications: list, get, sync, diff, history, rollback, delete.
-
argocd_reposDestructiveManage ArgoCD repositories: list, add, remove.
-
aws_s3DestructiveManage S3 buckets: list, browse objects, check size, create, delete.
-
az_vmDestructiveManage Azure Virtual Machines — list, show, start, stop, deallocate, restart, delete.
-
docker_imagesDestructiveManage Docker images: list, pull, remove, inspect, prune unused, view history.
-
docker_networksDestructiveManage Docker networks: list, create, inspect, remove.
-
docker_systemDestructiveDocker system info, disk usage, and system prune.
-
docker_volumesDestructiveManage Docker volumes: list, create, inspect, remove, prune unused.
-
es_documentDestructiveIndex, get, update, delete individual documents or bulk index.
-
es_indexDestructiveManage Elasticsearch indexes: list, create, delete, stats, mappings.
-
gcp_computeDestructiveManage GCP Compute Engine — list, describe, start, stop, delete instances, list disks.
-
gcp_storageDestructiveManage Google Cloud Storage — list buckets, objects, create/delete buckets.
-
gh_releasesDestructiveManage GitHub releases: list, view, create, delete.
-
git_branchDestructiveManage git branches: create, delete, checkout, merge, rebase.
-
glab_releasesDestructiveManage GitLab releases: list, view, create, delete.
-
k8s_namespacesDestructiveManage Kubernetes namespaces: list, create, delete, describe.
-
mongo_collectionDestructiveManage collections: list, create, drop, stats, indexes, schema analysis.
-
mongo_databasesDestructiveList, inspect, or drop MongoDB databases.
-
redis_deleteDestructiveDelete one or more Redis keys. Requires explicit confirmation (confirm=True).
-
rmq_queue_deleteDestructiveDelete a queue entirely or purge all its messages. Requires confirmation.
-
vault_pkiDestructiveManage PKI certificates: issue, list, revoke, and view CA info.
-
vault_secretDestructiveManage Vault secrets: read, write, delete, list. Supports KV v2 secrets engine.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.