Critical-risk tools in SmartBear MCP
19 of the 243 tools in SmartBear MCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
collaborator_delete_collaborator_remote_system_configurationDestructiveDeletes a remote system configuration in Collaborator by its ID. **Parameters:** - id (union) *required*: ID of the remote system Configuration to delete.
-
contract-testing_admin_delete_roleDestructiveDelete a role (admin). **Parameters:** - roleId (string) *required*: UUID of the role
-
contract-testing_admin_delete_teamDestructiveDelete a team (admin). **Parameters:** - teamId (string) *required*: UUID of the team
-
contract-testing_admin_delete_userDestructiveDelete a user account (admin). **Parameters:** - userId (string) *required*: UUID of the user
-
contract-testing_admin_remove_role_from_userDestructiveRemove a single role from a user (admin). **Parameters:** - userId (string) *required*: UUID of the user - roleId (string) *required*: UUID of the role
-
contract-testing_admin_remove_user_from_teamDestructiveRemove a specific user from a team (admin). **Parameters:** - teamId (string) *required*: UUID of the team - userId (string) *required*: UUID of the user
-
contract-testing_admin_reset_rolesDestructiveReset all roles to their factory defaults (admin). **Parameters:**
-
contract-testing_delete_all_integrationsDestructiveDelete ALL consumer-provider integrations in the workspace. **Parameters:**
-
contract-testing_delete_branchDestructiveDelete a branch from a pacticipant. **Parameters:** - pacticipantName (string) *required*: Name of the pacticipant - branchName (string) *required*: Name of the branch to delete
-
contract-testing_delete_environmentDestructiveDelete an environment by UUID. **Parameters:** - environmentId (string) *required*: UUID of the environment
-
contract-testing_delete_integrationDestructiveDelete a specific consumer-provider integration. **Parameters:** - providerName (string) *required*: Name of the provider - consumerName (string) *required*: Name of the consumer
-
contract-testing_delete_pacticipantDestructiveDelete a pacticipant and all its associated data. **Parameters:** - pacticipantName (string) *required*: Name of the pacticipant to delete
-
contract-testing_delete_secretDestructiveDelete a secret by UUID. **Parameters:** - secretId (string) *required*: UUID of the secret
-
contract-testing_delete_webhookDestructiveDelete a webhook by UUID. **Parameters:** - webhookId (string) *required*: UUID of the webhook
-
contract-testing_remove_label_from_pacticipantDestructiveRemove a label from a pacticipant. **Parameters:** - pacticipantName (string) *required*: Name of the pacticipant - labelName (string) *required*: Name of the label
-
reflect_cancel_suite_executionDestructiveCancel a reflect suite execution **Parameters:** - suiteId (string) *required*: ID of the reflect suite to cancel execution for - executionId (string) *required*: ID of the ref...
-
reflect_delete_previous_stepDestructiveDelete the last step added to an active Reflect recording session **Parameters:** - sessionId (string) *required*: The ID of the Reflect recording session
-
swagger_delete_portal_productDestructiveDelete a product from a specific portal **Parameters:** - productId (string) *required*: Product UUID or identifier in the format 'portal-subdomain:product-slug' - unique ident...
-
swagger_delete_table_of_contentsDestructiveDelete table of contents entry. Performs a soft-delete of an entry from the table of contents. Supports recursive deletion of nested items. **Parameters:** - tableOfContentsId ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.