High-risk tools in GoHighLevel MCP Server

High severity GoHighLevel MCP Server MCP Server 7 of 406 tools

7 of the 406 tools in GoHighLevel MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

start-twitter-oauth Execute

<div><div> <span style=
start-csv-finalize Execute

Start CSV Finalize
get-location-access-token Execute

This API allows you to generate locationAccessToken from AgencyAccessToken
live-chat-agent-typing Execute

Agent/AI-Bot will call this when they are typing a message in live chat message
pause-location-deprecated Execute

Pause Sub account for given locationId
add-contact-to-workflow Execute

Add Contact to Workflow
send-a-new-message Execute

Post the necessary fields for the API to send a new message.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in GoHighLevel MCP Server

Tools at high risk

Attacks that target this class

More on GoHighLevel MCP Server

Enforce policy on every GoHighLevel MCP Server tool call.