Critical-risk tools in Mcp Gitlab
8 of the 101 tools in Mcp Gitlab are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_epic_noteDestructiveDelete an existing epic note. This is destructive and cannot be undone. dry_run=true by default.
-
delete_fileDestructiveDelete a file from a repository. dry_run=true by default. This is destructive on the branch.
-
delete_issue_noteDestructiveDelete an existing issue note. This is destructive and cannot be undone. dry_run=true by default.
-
delete_labelDestructiveDelete a label from a group. dry_run=true by default. This is destructive and cannot be undone.
-
delete_mr_approval_ruleDestructiveDelete a project-level MR approval rule. dry_run=true by default. This is destructive.
-
delete_mr_noteDestructiveDelete an existing MR note. This is destructive and cannot be undone. dry_run=true by default.
-
remove_memberDestructiveRemove a user from a group or project. dry_run=true by default. This is destructive.
-
unprotect_branchDestructiveRemove branch protection rules from a branch. dry_run=true by default.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.