Critical-risk tools in Youtube

Critical severity Youtube MCP Server 4 of 36 tools

4 of the 36 tools in Youtube are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

youtube_delete_comment Destructive 4/5

Delete a comment. This action is irreversible. Requires OAuth credentials (CLIENT_ID + CLIENT_SECRET + REFRESH_TOKEN). Costs 50 quota units.
youtube_delete_playlist Destructive 4/5

Delete a playlist. This action is irreversible. Requires OAuth credentials (CLIENT_ID + CLIENT_SECRET + REFRESH_TOKEN). Costs 50 quota units.
youtube_rate_video Destructive 4/5

Like, dislike, or remove rating from a video. Requires OAuth credentials (CLIENT_ID + CLIENT_SECRET + REFRESH_TOKEN). Costs 50 quota units.
youtube_remove_playlist_item Destructive 4/5

Remove a video from a playlist by playlist item ID (not video ID). Use youtube_list_playlist_items to find the item ID. Requires OAuth credentials (CLIENT_ID + CLIENT_SECRET + R...

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Critical-risk tools in Youtube

Tools at critical risk

Attacks that target this class

More on Youtube

Enforce policy on Youtube