Critical-risk tools in Technitium MCP Secure

Critical severity Technitium MCP Secure MCP Server 7 of 39 tools

7 of the 39 tools in Technitium MCP Secure are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

dns_delete_cached Destructive

Delete a specific domain from the DNS cache. Unlike flush, this only removes the specified domain.
dns_delete_record Destructive

Delete a specific DNS record from a zone. Requires confirm=true to execute.
dns_delete_zone Destructive

Delete a DNS zone and all its records. Requires confirm=true to execute.
dns_remove_allowed Destructive

Remove a domain from the allow list. The domain will no longer bypass block lists.
dns_uninstall_app Destructive

Uninstall a DNS app from the server. Requires confirm=true to execute.
dns_flush_allowed Destructive

Flush the entire allow list. All allowed domains will be removed. Requires confirm=true to execute.
dns_flush_blocked Destructive

Flush the entire custom block list. All manually blocked domains will be removed. Requires confirm=true to execute.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in Technitium MCP Secure

Tools at critical risk

Attacks that target this class

More on Technitium MCP Secure

Enforce policy on every Technitium MCP Secure tool call.