Critical-risk tools in Integrations MCP
11 of the 420 tools in Integrations MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
airtable_delete_recordDestructiveairtable_delete_record
-
calendly_cancel_eventDestructiveCancel a scheduled Calendly event.
-
calendly_remove_inviteeDestructiveRemove (delete) an invitee's data from a Calendly event.
-
cloudflare_delete_dns_recordDestructiveDelete a DNS record from a Cloudflare zone.
-
cloudflare_purge_cacheDestructivecloudflare_purge_cache
-
gcal_delete_eventDestructiveDelete a calendar event.
-
okta_deactivate_userDestructiveDeactivate an Okta user. This transitions the user to DEPROVISIONED status.
-
s3_delete_objectDestructiveDelete an object from S3.
-
salesforce_delete_recordDestructiveDelete a Salesforce record.
-
supabase_delete_userDestructiveDelete an auth user from the Supabase project.
-
stripe_create_payment_intentFinancialstripe_create_payment_intent
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.