Critical-risk tools in Clockify Time Tracking
17 of the 112 tools in Clockify Time Tracking are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_assignmentDestructivedelete_assignment
-
delete_clientDestructivedelete_client
-
delete_expenseDestructivePermanently delete an expense from a workspace.
-
delete_expense_categoryDestructivePermanently delete an expense category from a workspace.
-
delete_holidayDestructivePermanently delete a holiday from a workspace by id.
-
delete_invoiceDestructivePermanently delete an invoice from a workspace.
-
delete_invoice_paymentDestructivePermanently remove one recorded payment from an invoice.
-
delete_projectDestructivedelete_project
-
delete_shared_reportDestructivedelete_shared_report
-
delete_tagDestructivePermanently delete a tag from a workspace.
-
delete_taskDestructivePermanently delete a task from its project.
-
delete_time_entryDestructivePermanently delete a time entry, identified by its id.
-
delete_webhookDestructivePermanently delete a webhook from a workspace by its id.
-
delete_workspace_custom_fieldDestructivedelete_workspace_custom_field
-
remove_project_custom_fieldDestructiveremove_project_custom_field
-
withdraw_time_off_requestDestructiveWithdraw/cancel a time-off request, deleting it.
-
add_invoice_paymentFinancialRecord a payment received against an invoice.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.