Critical-risk tools in Vultr MCP
30 of the 284 tools in Vultr MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
deleteDestructiveDelete a block storage volume.
-
delete_bare_metal_serverDestructiveDelete a bare metal server.
-
delete_cdn_ssl_certificateDestructiveRemove SSL certificate from a CDN zone.
-
delete_cdn_zoneDestructiveDelete a CDN zone.
-
delete_collectionDestructivedelete_collection
-
delete_connection_poolDestructiveDelete a connection pool.
-
delete_dns_domainDestructiveDelete a DNS domain and ALL its associated records
-
delete_dns_recordDestructiveDelete a specific DNS record
-
delete_domainDestructiveDelete a DNS domain and all its records.
-
delete_exportDestructiveDelete an export from a storage gateway.
-
delete_forwarding_ruleDestructivedelete_forwarding_rule
-
delete_groupDestructiveDelete a firewall group.
-
delete_ipv4DestructiveDelete an IPv4 address from an instance.
-
delete_isoDestructiveDelete an ISO image.
-
delete_kafka_topicDestructiveDelete a Kafka topic.
-
delete_kubernetes_clusterDestructivedelete_kubernetes_cluster
-
delete_kubernetes_cluster_with_resourcesDestructivedelete_kubernetes_cluster_with_resources
-
delete_kubernetes_nodeDestructivedelete_kubernetes_node
-
delete_kubernetes_node_poolDestructivedelete_kubernetes_node_pool
-
delete_logical_databaseDestructiveDelete a logical database.
-
delete_recordDestructiveDelete a DNS record.
-
delete_ruleDestructivedelete_rule
-
delete_serverless_inferenceDestructiveDelete a serverless inference subscription.
-
delete_sslDestructivedelete_ssl
-
delete_startup_scriptDestructiveDelete a startup script.
-
delete_userDestructiveDelete a database user.
-
delete_vpc2DestructiveDelete a VPC 2.0 network.
-
purge_cdn_zoneDestructivePurge all cached content from a CDN zone.
-
remove_ip_whitelist_entryDestructiveremove_ip_whitelist_entry
-
remove_resource_from_collectionDestructiveremove_resource_from_collection
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.