Critical-risk tools in Ludus FastMCP
17 of the 201 tools in Ludus FastMCP are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
abort_and_remove_rangeDestructiveAbort any active deployment and then remove the range. This is a convenience function that combines abort_range_deployment() and delete_range(). Equival...
-
batch_remove_snapshotsDestructiveRemove snapshots from multiple VMs in parallel. Args: vm_names: List of VM names snapshot_name: Name of snapshot to remove user_id: ...
-
bulk_vm_operationsDestructivePerform bulk operations on multiple VMs. Args: operation: Operation to perform (power_on, power_off, snapshot, delete) vm_names: Optional list o...
-
clear_range_accessDestructiveClear all range access permissions. Args: user_id: Optional user ID (admin only) Returns: Clear result
-
delete_blueprintDestructiveDelete a blueprint. Args: blueprint_id: ID of the blueprint to delete Returns: Deletion confirmation
-
delete_groupDestructiveDelete a group. Args: group_name: Name of the group to delete Returns: Deletion result
-
delete_rangeDestructiveDelete the entire range. Permanently removes the range and all associated VMs, snapshots, and data. **Important:** If a deployment is in progress, abor...
-
delete_range_by_userDestructivedelete_range_by_user
-
delete_ranges_by_statusDestructivedelete_ranges_by_status
-
delete_templateDestructiveDelete a template. Args: template_id: Template ID to delete user_id: Optional user ID (admin only) Returns: Deletion result
-
destroy_vmDestructiveDestroy a specific VM. Args: vm_id: ID of the VM to destroy Returns: Destruction result
-
remove_snapshotDestructiveRemove a snapshot. Args: vm_name: Name of the VM snapshot_name: Name of the snapshot to remove user_id: Optional user ID (admin only...
-
remove_userDestructiveRemove a user from the Ludus system. Args: user_id: User ID to remove Returns: Removal result
-
remove_users_from_groupDestructiveRemove users from a group. Args: group_name: Name of the group user_ids: List of user IDs to remove Returns: Result of remo...
-
revoke_range_accessDestructiveRevoke range access from a user. Args: target_user_id: User ID to revoke access from user_id: Optional user ID (admin only) Returns: ...
-
revoke_range_from_userDestructiveRevoke range access from a user. Args: user_id: User ID to revoke range access from range_id: Range ID to revoke Returns: R...
-
cleanup_old_rangesDestructivecleanup_old_ranges
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.