Critical-risk tools in FacturaHub MCP Server
11 of the 76 tools in FacturaHub MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_clientDestructive[FacturaHub] Delete a client
-
delete_expenseDestructive[FacturaHub] Delete an expense by ID
-
delete_invoiceDestructive[FacturaHub] Delete a draft invoice.
-
delete_taskDestructive[FacturaHub] Delete a task. Only tasks in
-
delete_vendorDestructive[FacturaHub] Delete a vendor/supplier.
-
remove_business_contextDestructive[FacturaHub] Remove an outdated or incorrect business context entry.
-
remove_team_memberDestructive[FacturaHub] Remove a member from the current team. Requires admin or owner role.
-
close_registerFinancial[FacturaHub] Close the current cash register session. Provide the actual cash count for reconciliation.
-
record_supplier_paymentFinancial[FacturaHub] Record a payment against a supplier invoice.
-
submit_tax_declarationFinancial[FacturaHub] Mark a tax declaration as submitted.
-
upgrade_planFinancial[FacturaHub] Generate a checkout link to upgrade plan.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.