Critical-risk tools in Trello
31 of the 200 tools in Trello are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
TRELLO_ADD_LISTS_MOVE_ALL_CARDS_BY_ID_LISTDestructive 4/5Moves all cards from a Trello list to a *different* board; this action is irreversible, moves (not copies) cards, and empties the source list without deleting it.
-
TRELLO_ADD_NOTIFICATIONS_ALL_READDestructive 4/5Marks all Trello notifications for the authenticated user as read across all boards; this action is permanent and cannot be undone.
-
TRELLO_CONVERT_CHECKLIST_ITEM_TO_CARDDestructive 4/5Converts a checklist item into a new card (useful for promoting a subtask), which inherits some properties from the item; this is irreversible via the API and offers no customiz...
-
TRELLO_DELETE_ACTIONS_BY_ID_ACTIONDestructive 4/5Deletes a specific Trello action, such as a `commentCard`, by its ID; this is an irreversible operation and only applies to deletable action types, as many (especially system-ge...
-
TRELLO_DELETE_BOARDS_MEMBERS_BY_ID_BOARD_BY_ID_MEMBERDestructive 4/5Permanently removes a current member from a Trello board, revoking their access; this action is irreversible.
-
TRELLO_DELETE_BOARDS_POWER_UPS_BY_ID_BOARD_BY_POWER_UPDestructive 4/5Disables a Power-Up on a Trello board using the board's ID and the plugin ID of a Power-Up currently enabled on that board; this action is irreversible and may result in data loss.
-
TRELLO_DELETE_CARDS_ACTIONS_COMMENTS_BY_ID_CARD_BY_ID_ACTIONDestructive 4/5Deletes a specific comment action (identified by `idAction`) from a Trello card (identified by `idCard`); this operation is irreversible and only affects comments.
-
TRELLO_DELETE_CARDS_ATTACHMENTS_BY_ID_CARD_BY_ID_ATTACHMENTDestructive 4/5Permanently removes a specified attachment from a Trello card; this action is irreversible and requires that both the card and the attachment exist.
-
TRELLO_DELETE_CARDS_BY_ID_CARDDestructive 4/5Permanently deletes an archived Trello card specified by its `idCard`.
-
TRELLO_DELETE_CARDS_CHECKLISTS_BY_ID_CARD_BY_ID_CHECKLISTDestructive 4/5Permanently deletes a specific checklist from a Trello card.
-
TRELLO_DELETE_CARDS_ID_LABELS_BY_ID_CARD_BY_ID_LABELDestructive 4/5Removes a specific label from a Trello card; the label itself is not deleted from the board, only its association with the card.
-
TRELLO_DELETE_CARDS_ID_MEMBERS_BY_ID_CARD_BY_ID_MEMBERDestructive 4/5Removes a currently assigned member from a Trello card, affecting only the card's member list and not the member's board membership or overall permissions.
-
TRELLO_DELETE_CARDS_LABELS_BY_ID_CARD_BY_COLORDestructive 4/5Permanently removes a specific `color` label from an existing Trello card identified by `idCard`, if the card has that label; this only disassociates the label from the card, no...
-
TRELLO_DELETE_CARDS_MEMBERS_VOTED_BY_ID_CARD_BY_ID_MEMBERDestructive 4/5Removes a member's vote from a Trello card; this operation is irreversible and does not confirm if the vote existed prior to removal.
-
TRELLO_DELETE_CARDS_STICKERS_BY_ID_CARD_BY_ID_STICKERDestructive 4/5Permanently removes a specific sticker (identified by `idSticker`) from a Trello card (identified by `idCard`).
-
TRELLO_DELETE_CHECKLIST_ITEMDestructive 4/5Permanently deletes a specific check item from a checklist on a Trello card; this operation is irreversible and only affects the specified item, not the entire checklist.
-
TRELLO_DELETE_CHECKLISTS_BY_ID_CHECKLISTDestructive 4/5Permanently and irreversibly deletes a Trello checklist and all its items using the `idChecklist`.
-
TRELLO_DELETE_LABELS_BY_ID_LABELDestructive 4/5Permanently deletes an existing label from a Trello board by its ID; this operation is irreversible via the API.
-
TRELLO_DELETE_MEMBER_BOARD_BACKGROUNDDestructive 4/5Permanently deletes a specific custom board background belonging to the specified Trello member; this operation cannot be undone.
-
TRELLO_DELETE_MEMBER_CUSTOM_STICKERDestructive 4/5Deletes a custom sticker from a Trello member's collection; this permanent action is only available for custom stickers within a Trello Workspace on a paid plan.
-
TRELLO_DELETE_MEMBER_SAVED_SEARCHDestructive 4/5Permanently deletes a specific saved search for a Trello member, used when the search is outdated or no longer needed.
-
TRELLO_DELETE_MEMBERS_BOARD_STARS_BY_ID_MEMBER_BY_ID_BOARD_STARDestructive 4/5Removes a specific starred board (identified by `idBoardStar`) from a Trello member's (identified by `idMember`) list of favorites; `idBoardStar` must be an existing star for th...
-
TRELLO_DELETE_ORG_ASSOCIATED_DOMAINDestructive 4/5Irreversibly deletes an associated email domain from a Trello organization's preferences to update email domain restrictions for workspace membership; the domain must be current...
-
TRELLO_DELETE_ORGANIZATIONS_BY_ID_ORGDestructive 4/5Permanently deletes a Trello organization and all its associated data; this action is irreversible and requires caution.
-
TRELLO_DELETE_ORGANIZATIONS_LOGO_BY_ID_ORGDestructive 4/5Deletes an existing Trello organization's custom logo, restoring its default and leaving other settings unchanged; if no custom logo exists, it succeeds without effect.
-
TRELLO_DELETE_ORGANIZATIONS_MEMBERS_ALL_BY_ID_ORG_BY_ID_MEMBERDestructive 4/5Removes a member entirely from a specific Trello organization, including from all its boards and cards; this action is permanent and does not delete the member's Trello account.
-
TRELLO_DELETE_ORGANIZATIONS_MEMBERS_BY_ID_ORG_BY_ID_MEMBERDestructive 4/5Permanently removes a member from a Trello organization by ID, revoking all access to its content; re-invitation is required for renewed access, and this does not delete the mem...
-
TRELLO_DELETE_ORGANIZATIONS_PREFS_ORG_INVITE_RESTRICT_BY_ID_ORGDestructive 4/5Removes a previously set email domain invitation restriction for a Trello organization.
-
TRELLO_DELETE_TOKENS_BY_TOKENDestructive 4/5Deletes a specific Trello API token, identified by its value in the path, permanently revoking its access; this action is irreversible and used to invalidate compromised or unne...
-
TRELLO_DELETE_TOKENS_WEBHOOKS_BY_TOKEN_BY_ID_WEBHOOKDestructive 4/5Deletes an existing webhook, specified by its `idWebhook`, thereby stopping its notifications.
-
TRELLO_DELETE_WEBHOOKS_BY_ID_WEBHOOKDestructive 4/5Permanently deletes an existing Trello webhook by its `idWebhook`, an irreversible action that stops future notifications.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Trello
Enforce policy on Trello
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init