Critical-risk tools in Hwp

Critical severity Hwp MCP Server 4 of 31 tools

4 of the 31 tools in Hwp are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

delete_hwp_image Destructive

Delete a BinData/ ZIP entry inside an .hwpx (effectively removes the embedded image bytes). Args: file_path, target (basename or full entry), output_path (optional).
delete_hwp_paragraph Destructive

Delete the Nth paragraph (0-based) from an .hwpx body. Args: file_path, index, output_path (optional).
delete_hwp_table_column Destructive

Delete the Mth column (0-based) from the Nth table in an .hwpx (removes one <hp:tc> from every row). Args: file_path, table_index, col_index, output_path (optional).
delete_hwp_table_row Destructive

Delete the Mth row (0-based) from the Nth table (0-based) in an .hwpx. Args: file_path, table_index, row_index, output_path (optional).

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Critical-risk tools in Hwp

Tools at critical risk

Attacks that target this class

More on Hwp

Enforce policy on every Hwp tool call.