Critical-risk tools in Sage MCP
19 of the 359 tools in Sage MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
claude_code_delete_inviteDestructiveDelete a pending invitation
-
claude_code_remove_userDestructiveRemove a user from the organization
-
codex_delete_userDestructiveRemove a user from the organization
-
confluence_delete_pageDestructiveDelete a Confluence page by ID
-
copilot_remove_seatsDestructiveRemove Copilot seats for specified users in an organization
-
cursor_remove_memberDestructiveRemove a member from the Cursor team by user ID
-
discord_delete_messageDestructiveDelete a message from a channel
-
excel_clear_rangeDestructiveClear the contents of a cell range in a worksheet (formatting is preserved)
-
excel_delete_worksheetDestructiveDelete a worksheet (tab) from a workbook
-
google_sheets_clear_rangeDestructiveClear all values from a range of cells in a Google Sheets spreadsheet (formatting is preserved)
-
google_sheets_delete_sheetDestructiveDelete a sheet (tab) from a Google Sheets spreadsheet by its sheet ID
-
google_slides_delete_slideDestructiveDelete a slide from a presentation by its object ID
-
outlook_delete_messageDestructiveDelete an email message. Moves to Deleted Items folder.
-
powerpoint_delete_presentationDestructiveDelete a PowerPoint presentation from OneDrive. This moves the file to the recycle bin.
-
slack_reactions_removeDestructiveRemove an emoji reaction from a message
-
zoom_delete_meetingDestructiveDelete a scheduled meeting
-
gmail_trash_messageDestructiveMove a message to the trash
-
copilot_add_seatsFinancialAdd Copilot seats for specified users in an organization
-
cursor_set_user_spend_limitFinancialSet a spending limit in USD for a specific team member
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.