Critical-risk tools in StealthSurf MCP Server
17 of the 92 tools in StealthSurf MCP Server are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cloud_configs_deleteDestructivePermanently delete a VPN config from a cloud server. The config
-
cloud_proxies_change_titleDestructiveChange display title of a cloud server proxy. Set null to reset to default.
-
cloud_proxies_deleteDestructivePermanently delete a proxy from a cloud server. The proxy connection_url stops working immediately. Cannot be undone.
-
configs_delete_subconfigDestructiveDelete the subconfig (HTTP/SOCKS5 proxy) from a VPN config. The main VPN config remains active — only the proxy access point is removed.
-
custom_subscriptions_deleteDestructivePermanently delete a custom subscription. The subscription URL stops working. All items are removed but the underlying configs remain active. Cannot be undone.
-
custom_subscriptions_delete_all_devicesDestructiveRemove all devices from a custom subscription. Returns deleted_count.
-
custom_subscriptions_delete_deviceDestructiveRemove a device from a custom subscription.
-
custom_subscriptions_reset_keyDestructiveRegenerate the subscription URL key. The old URL stops working immediately. All VPN apps using this subscription will need to re-import. Use when the URL may have been leaked.
-
devices_deleteDestructiveRemove a specific device from the device list. The device will need to re-register on next VPN connection.
-
devices_delete_allDestructiveRemove all devices from the device list. All devices will need to re-register. Returns count of deleted devices. Useful for a clean reset of device access.
-
paid_option_configs_change_titleDestructiveChange display title of a paid option config. Set null to reset to default.
-
paid_option_configs_delete_subconfigDestructiveDelete HTTP/SOCKS5 subconfig from a paid option config. Only removes proxy access; main VPN config stays active.
-
paid_options_delete_all_devicesDestructiveRemove all devices from a paid option. All connected devices will be disconnected. Useful for resetting device access.
-
paid_options_delete_deviceDestructiveRemove a specific device from a paid option. The device will be disconnected and will need to re-authenticate.
-
paid_options_delete_titleDestructiveReset a paid option config title back to default (by index). Removes the custom title set via paid_options_update_title.
-
referral_withdraw_cardFinancialWithdraw referral balance to a bank card. Minimum 1000 RUB, maximum 75000 RUB per transaction. Card number is validated (Luhn check). Returns withdrawal record with id and creat...
-
referral_withdraw_sbpFinancialWithdraw referral balance via SBP (Fast Payment System) to a Russian bank. Minimum 1000 RUB, maximum 75000 RUB per transaction. Requires bank_id from referral_get_sbp_banks and ...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.