Critical-risk tools in Truenas

Critical severity Truenas MCP Server 46 of 279 tools

46 of the 279 tools in Truenas are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

acme_dns_authenticator_delete Destructive

Delete an ACME DNS authenticator by its ID.
alertservice_delete Destructive

Delete an alert notification service by its ID. Use alertservice_list to find the ID.
api_key_delete Destructive

Delete an API key by its numeric ID. Use api_key_list to find the ID. This immediately revokes access for anyone using that key.
app_delete Destructive

Delete/uninstall an app. This is a DESTRUCTIVE operation. The
bootenv_delete Destructive

Delete a boot environment. This is a DESTRUCTIVE operation — the
certificate_delete Destructive

Delete a certificate by its ID. This is a DESTRUCTIVE operation — the
cloud_backup_delete Destructive

Delete a cloud backup task (destructive — requires confirm)
cloudsync_credentials_delete Destructive

Delete a cloud sync credential
cloudsync_delete Destructive

Delete a cloud sync task (destructive — requires confirm)
cronjob_delete Destructive

Delete a cron job
dataset_delete Destructive

Delete a dataset (destructive — requires confirm)
disk_wipe Destructive

Wipe a disk, destroying all data on it. This is a DESTRUCTIVE operation — the
group_delete Destructive

Delete a group. This is a DESTRUCTIVE operation — the
initshutdown_delete Destructive

Delete an init/shutdown script
iscsi_extent_delete Destructive

Delete an iSCSI extent (LUN)
iscsi_initiator_delete Destructive

Delete an iSCSI initiator group
iscsi_portal_delete Destructive

Delete an iSCSI portal
iscsi_target_delete Destructive

Delete an iSCSI target
iscsi_targetextent_delete Destructive

Delete an iSCSI target-to-extent mapping
keychaincredential_delete Destructive

Delete an SSH credential or keypair
network_interface_delete Destructive

Delete a network interface. This is a DESTRUCTIVE operation — the
network_static_route_delete Destructive

Delete a static route by its numeric ID. Use network_static_route_list to find the ID.
nfs_share_delete Destructive

Delete an NFS share/export
privilege_delete Destructive

Delete a privilege/role by its ID. Use privilege_list to find the ID.
replication_delete Destructive

Delete a replication task (destructive — requires confirm)
rsync_task_delete Destructive

Delete an rsync task
smb_share_delete Destructive

Delete an SMB share
system_ntp_server_delete Destructive

Delete an NTP server by its ID. Use system_ntp_servers first to find the ID.
tunable_delete Destructive

Delete a tunable by its ID. Use tunable_list to find the ID.
user_delete Destructive

Delete a user account. This is a DESTRUCTIVE operation — the
vm_delete Destructive

Delete a virtual machine. This is a DESTRUCTIVE operation. The
vm_device_delete Destructive

Delete a VM device by its ID. Optionally delete the associated zvol or raw file.
system_shutdown Destructive

Shut down the TrueNAS system. This is a DESTRUCTIVE operation — the system will power off and require physical or IPMI intervention to restart. The
app_rollback Destructive

Rollback an app to a previous version. This is a DESTRUCTIVE operation. The
cloud_backup_abort Destructive

Abort a running cloud backup task
directory_services_leave Destructive

Leave the current Active Directory or LDAP domain. This is a DESTRUCTIVE operation —
network_rollback_changes Destructive

Rollback all pending (uncommitted) network interface changes, restoring the previous network configuration.
snapshot_delete Destructive

Delete a ZFS snapshot (destructive — requires confirm)
snapshot_rollback Destructive

Rollback a dataset to a snapshot (destructive — requires confirm)
snapshot_task_delete Destructive

Delete a periodic snapshot task
system_reboot Destructive

Reboot the TrueNAS system. This is a DESTRUCTIVE operation — all running services will be interrupted. The
boot_attach_disk Destructive

Attach a disk to the boot pool to create or extend a mirror. This is a DESTRUCTIVE operation that will erase the target disk. The
boot_detach_disk Destructive

Detach a disk from the boot pool mirror. This is a DESTRUCTIVE operation — the
pool_export Destructive

Export (disconnect) a pool (destructive — requires confirm)
pool_replace_disk Destructive

Replace a disk in a pool (destructive — requires confirm)
update_apply Destructive

Apply previously downloaded system updates. This is a DESTRUCTIVE operation that may reboot the system. The

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Critical-risk tools in Truenas

Tools at critical risk

Attacks that target this class

More on Truenas

Enforce policy on every Truenas tool call.