Critical-risk tools in Xdevplatform/xmcp
14 of the 135 tools in Xdevplatform/xmcp are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
deleteAccountActivitySubscriptionDestructiveDelete an account activity subscription.
-
deleteActivitySubscriptionDestructiveDelete an activity subscription.
-
deleteAllConnectionsDestructiveDelete all webhook or streaming connections for the authenticated app.
-
deleteCommunityNotesDestructiveDelete a community note previously created by the authenticated user.
-
deleteConnectionsByEndpointDestructiveDelete a specific connection endpoint.
-
deleteConnectionsByUuidsDestructiveDelete connections by their unique identifiers.
-
deleteDirectMessagesEventsDestructiveDelete a specific direct message event permanently.
-
deleteListsDestructivePermanently delete a list and remove all its members.
-
deleteMediaSubtitlesDestructiveRemove subtitle tracks from uploaded video media.
-
deletePostsDestructivePermanently delete a post created by the authenticated user.
-
deleteUsersBookmarkDestructiveRemove a post from the authenticated user bookmarks.
-
removeListsMemberByUserIdDestructiveRemove a user from a list membership.
-
chatMediaUploadFinalizeFinancialFinalise a chat media upload and make it ready to attach to a message.
-
finalizeMediaUploadFinancialFinalise a media upload and make it ready to attach to a post.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.