Critical-risk tools in Iwork

Critical severity Iwork MCP Server 8 of 114 tools

8 of the 114 tools in Iwork are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

keynote_delete_slide Destructive

Delete a slide from the presentation
numbers_clear_cells Destructive

Clear the contents of a cell or range
numbers_delete_column Destructive

Delete one or more columns from a table
numbers_delete_row Destructive

Delete one or more rows from a table
numbers_delete_sheet Destructive

Delete a sheet from a Numbers document
numbers_delete_table Destructive

Delete a table from a sheet
pages_delete_text Destructive

Delete a paragraph by index (preserves formatting on other paragraphs)
keynote_close_presentation Destructive

Close a Keynote presentation

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Iwork

Tools at critical risk

Attacks that target this class

More on Iwork

Enforce policy on every Iwork tool call.