Critical-risk tools in Godot
12 of the 282 tools in Godot are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_fileDestructiveDelete a file with .bak backup.
-
editor_delete_assetDestructiveDelete a file or folder via editor.
-
editor_delete_selectedDestructiveDelete currently selected nodes.
-
editor_remove_autoloadDestructiveRemove an autoload singleton via editor API.
-
editor_remove_input_actionDestructiveRemove an input action via editor API.
-
editor_remove_nodeDestructiveRemove a node from the currently open scene.
-
remove_animation_trackDestructiveRemove track from animation.
-
remove_audio_busDestructiveRemove audio bus.
-
remove_autoloadDestructiveRemove an autoload entry.
-
remove_input_actionDestructiveRemove an input action.
-
remove_nodeDestructiveRemove a node from a scene.
-
remove_shader_graph_nodeDestructiveRemove a node from a VisualShader graph by index.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.