High-risk tools in Salesforce MCP Server
9 of the 41 tools in Salesforce MCP Server are classified as high risk. This page profiles those nine tools, with the recommended policy action for each and the attack patterns that target them.
Every operation listed below is one that PolicyLayer recommends controlling at the transport layer, that is, in the MCP proxy or gateway that sits between the client and the server, rather than trusting the client or the model to refrain from calling it. Open any tool to see its full profile, risk score, and YAML policy snippet.
Tools at high risk
- deploy_start (Execute): Deploy metadata to Salesforce org with test execution options.
- execute_anonymous_apex (Execute): Execute Apex code in a Salesforce Org. This command allows you to run Apex code directly against a specified Salesforce Org. The code is executed in the context of the Org, and ...
- run_apex_tests (Execute): Run Apex tests in a Salesforce Org. This command allows you to execute unit tests with various options including test level, specific classes, suites, and code coverage collecti...
- run_code_analyzer (Execute): Analyze code for quality and security issues. Run list_code_analyzer_rules first to select appropriate rules for the ruleSelector parameter.
- scanner_run (Execute): Scan codebase with security and quality rules. Defaults to all rules if none specified.
- scanner_run_dfa (Execute): Run Graph Engine for Apex data flow analysis. Detects complex security issues like SOQL/SQL injection.
- open (Execute): Open your Salesforce org in a browser. To open a specific page, specify the portion of the URL after
- open_record (Execute): Opens a Salesforce record in a browser.
- package_install (Execute): Install or upgrade a package version in a Salesforce org. Supports both package IDs (04t) and aliases with various configuration options.
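The following is an added example of what "controlling at the transport layer" means in practice; it is not PolicyLayer's code and not the YAML snippets the tool profiles link to. It models a gate that inspects each client-to-server MCP JSON-RPC message before it is forwarded, and applies a decision to `tools/call` requests whose `params.name` is one of the nine tools listed above. The tool names are taken from this page; the policy table (deny `execute_anonymous_apex` and `package_install`, require human approval for the rest), the hypothetical benign tool `list_orgs`, and the argument names in the sample messages are all assumptions for illustration.

```python
import json

# Tool names copied from the high-risk list on this page.
HIGH_RISK_TOOLS = frozenset({
    "deploy_start", "execute_anonymous_apex", "run_apex_tests",
    "run_code_analyzer", "scanner_run", "scanner_run_dfa",
    "open", "open_record", "package_install",
})

# Illustrative policy (an assumption, not PolicyLayer's recommended actions).
# Tools that run arbitrary code or install third-party code are denied outright;
# every other high-risk tool needs a human approval before it is forwarded.
POLICY = {
    "execute_anonymous_apex": "deny",  # arbitrary Apex runs in the org's context
    "package_install": "deny",         # installs third-party code into the org
}
DEFAULT_HIGH_RISK_ACTION = "require_approval"


def decide(tool_name: str) -> str:
    """Map a tool name to 'deny', 'require_approval' or 'allow'."""
    if tool_name in POLICY:
        return POLICY[tool_name]
    if tool_name in HIGH_RISK_TOOLS:
        return DEFAULT_HIGH_RISK_ACTION
    return "allow"


def gate(raw: str, approved_ids=frozenset()):
    """Inspect one client->server JSON-RPC message (one line of the transport).

    Returns (decision, message): on 'allow' the message is the parsed request to
    forward to the server unchanged; otherwise it is a JSON-RPC error to send
    back to the client instead, so the server never sees the call.
    `approved_ids` holds request ids a human has already approved.
    """
    msg = json.loads(raw)
    # Only tool invocations are policy-relevant; initialize, tools/list etc. pass.
    if msg.get("method") != "tools/call":
        return "allow", msg
    params = msg.get("params") or {}
    name = params.get("name", "")
    decision = decide(name)
    if decision == "require_approval" and msg.get("id") in approved_ids:
        decision = "allow"
    if decision == "allow":
        return "allow", msg
    error = {
        "jsonrpc": "2.0",
        "id": msg.get("id"),
        # -32000 is in the JSON-RPC implementation-defined server error range.
        "error": {"code": -32000, "message": f"blocked by policy: {name} ({decision})"},
    }
    return decision, error


# Constructed sample traffic (not captured from a real session). The argument
# names are assumptions; the real server's schemas may differ.
SAMPLE_MESSAGES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/list"}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"list_orgs","arguments":{}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"run_apex_tests","arguments":{"testLevel":"RunLocalTests"}}}',
    '{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"execute_anonymous_apex","arguments":{"apexCode":"System.debug(1);"}}}',
    '{"jsonrpc":"2.0","id":5,"method":"tools/call","params":{"name":"package_install","arguments":{"package":"04tXXXXXXXXXXXXXXX"}}}',
]


def run_sample(approved_ids=frozenset()):
    """Run the gate over SAMPLE_MESSAGES and return the decision per message."""
    return [gate(raw, approved_ids)[0] for raw in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for raw, decision in zip(SAMPLE_MESSAGES, run_sample()):
        print(decision, "<-", json.loads(raw).get("params", {}).get("name", json.loads(raw)["method"]))
```

The gate keys only on `params.name`, so it cannot be bypassed by argument encoding tricks, but it also cannot distinguish a harmless `run_apex_tests` invocation from one that exercises destructive test classes; that is why the fallback for the high-risk class is approval rather than allow. In a real deployment the approval set would be populated by an out-of-band human step, and the denied calls should be logged with their full arguments for review.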
Attacks that target this class
High-risk tools in any server share the documented attack patterns below. Each entry links to the full case write-up and the policy that defends against it.