Critical-risk tools in Tailscale
10 of the 89 tools in Tailscale are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- tailscale_delete_device (Destructive): Permanently remove a device from the tailnet. This is irreversible — the device must re-authenticate to rejoin.
- tailscale_delete_device_invite (Destructive): Delete a device invite. This is irreversible — the invite link will stop working.
- tailscale_delete_device_posture_attribute (Destructive): Delete a custom posture attribute from a device. This is irreversible.
- tailscale_delete_key (Destructive): Delete a key (auth key, OAuth client, or federated identity). This is irreversible. For auth keys, devices already authenticated are unaffected but no new devices can use it. Fo...
- tailscale_delete_log_stream_config (Destructive): Delete a log streaming configuration. Logs will stop being sent to the configured destination.
- tailscale_delete_posture_integration (Destructive): Delete a posture integration. This is irreversible.
- tailscale_delete_service (Destructive): Delete a Tailscale Service. This is irreversible — the service's MagicDNS name and virtual IP will be released.
- tailscale_delete_user (Destructive): Delete a user from the tailnet. This is irreversible — the user and all their devices will be removed.
- tailscale_delete_user_invite (Destructive): Delete a user invite. This is irreversible — the invite link will stop working.
- tailscale_delete_webhook (Destructive): Delete a webhook. This is irreversible — the webhook secret cannot be recovered.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.