Critical-risk tools in Rentalot MCP Server
8 of the 65 tools in Rentalot MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_contactDestructiveUse to soft-delete a contact. The contact can be restored later. Write operation — requires Pro tier or higher.
-
delete_draftDestructiveUse to delete a draft message. Only
-
delete_followupDestructiveUse to cancel and delete a pending follow-up. Only
-
delete_propertyDestructiveUse to permanently delete a property listing. This cannot be undone. Write operation — requires Pro tier or higher.
-
delete_property_imagesDestructiveUse to delete one or more images from a property. Write operation — requires Pro tier or higher.
-
delete_showingDestructiveUse to permanently delete a showing. Prefer updating status to
-
delete_webhookDestructiveUse to delete a webhook subscription. Events will no longer be delivered to the endpoint. Write operation — requires Pro tier or higher.
-
delete_workflowDestructiveUse to delete a workflow template. Fails with 409 if active runs exist — cancel or wait for them to finish first. Write operation — requires Pro tier or higher.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.