Critical-risk tools in Todos
38 of the 528 tools in Todos are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
apply_retention_cleanupDestructiveApply local retention cleanup after a dry run. Requires confirm=
-
bulk_delete_tasksDestructiveDelete multiple tasks at once. Tasks with active children are skipped.
-
cancel_agent_runDestructiveCancel a queued or running agent run.
-
cancel_agent_run_dispatchDestructiveCancel a queued or running local agent dispatch.
-
cancel_dispatchDestructiveCancel a pending or scheduled dispatch. Cannot cancel dispatches that have already been sent.
-
cleanup_artifactsDestructivePurge soft-deleted artifacts past retention period from local store.
-
delete_agentDestructiveArchive an agent (soft delete). The agent is hidden from list_agents but preserved for task history. Use unarchive_agent to restore. Resolve by id or name.
-
delete_artifactDestructiveSoft-delete a local artifact. Use cleanup_artifacts to purge expired deletions.
-
delete_commentDestructiveDelete a comment.
-
delete_labelDestructivePermanently delete a label.
-
delete_milestoneDestructiveDelete a local roadmap milestone.
-
delete_planDestructivePermanently delete a plan and all its tasks.
-
delete_projectDestructivePermanently delete a project and all its tasks.
-
delete_roadmapDestructiveDelete a local roadmap and its milestone/release config.
-
delete_search_viewDestructiveDelete a local saved search view.
-
delete_tagDestructivePermanently delete a tag. Removes it from all tasks.
-
delete_taskDestructivePermanently delete a task. Fails if the task has active children (tasks that depend on it).
-
delete_task_listDestructivePermanently delete a task list and all its tasks.
-
delete_templateDestructiveDelete a task template by ID.
-
delete_watch_ruleDestructiveDelete a local terminal watch rule by ID.
-
delete_webhookDestructiveDelete a webhook by ID.
-
machines_archiveDestructiveArchive (soft-delete) a machine. Cannot archive primary or machines with active tasks.
-
machines_deleteDestructiveHard-delete a machine. Cannot delete primary or machines with active tasks.
-
remove_agent_run_adapterDestructiveRemove a configured local agent run adapter.
-
remove_capacity_profileDestructiveRemove a local planning capacity profile.
-
remove_encryption_profileDestructiveRemove a local encryption profile.
-
remove_local_event_hookDestructiveRemove a configured local event hook.
-
remove_local_extensionDestructiveRemove a local workflow extension from the registry.
-
remove_policy_packDestructiveRemove a local policy pack.
-
remove_review_routing_ruleDestructiveRemove a local review routing rule.
-
remove_runner_sandbox_profileDestructiveRemove a local runner sandbox profile.
-
remove_task_dependencyDestructiveRemove a dependency between two tasks.
-
remove_task_relationshipDestructiveRemove a semantic relationship between tasks by ID or by source+target+type.
-
remove_terminal_notification_ruleDestructiveRemove a configured local terminal notification watch rule.
-
remove_verification_providerDestructiveRemove a configured local verification provider.
-
remove_workspace_trustDestructiveRemove a local workspace trust profile.
-
restore_databaseDestructiveRestore todos SQLite database from a local backup file.
-
unfocusDestructiveClear focus — show all projects and tasks.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.