High-risk tools in Mcp Sitecore
17 of the 153 tools in Mcp Sitecore are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
common-invoke-workflow-by-idExecute 3/5Executes workflow action for a Sitecore item by its ID.
-
common-invoke-workflow-by-pathExecute 4/5Executes workflow action for a Sitecore item by its path.
-
common-new-item-clone-by-idExecute 3/5Creates a new item clone based on the item provided by its ID.
-
common-new-item-clone-by-pathExecute 4/5Creates a new item clone based on the item provided by its path.
-
common-new-item-workflow-event-by-idExecute 3/5Creates a new entry in the workflow history for a Sitecore item by its ID.
-
common-new-item-workflow-event-by-pathExecute 4/5Creates a new entry in the workflow history for a Sitecore item by its path.
-
common-restart-applicationExecute 3/5Restarts the Sitecore Application pool.
-
indexing-initialize-search-indexExecute 3/5Initialize one or more Sitecore search indexes. If no name is provided, all indexes will be initialized.
-
indexing-initialize-search-index-item-by-idExecute 4/5Rebuilds the index for a given tree with the specified root item by id and index name. Supports wildcard filtering for the index name.
-
indexing-initialize-search-index-item-by-pathExecute 4/5Rebuilds the index for a given tree with the specified root item by path and index name. Supports wildcard filtering for the index name.
-
indexing-stop-search-indexExecute 3/5Stop one or more Sitecore search indexes. If no name is provided, all running indexes will be stopped.
-
item-service-run-stored-queryExecute 3/5Run a stored Sitecore query by its definition item ID.
-
item-service-run-stored-searchExecute 3/5Run a stored Sitecore search by its definition item ID.
-
run-powershell-scriptExecute 4/5Runs a PowerShell script and returns the output.
-
security-new-domainExecute 3/5Creates a new Sitecore domain.
-
security-new-roleExecute 3/5Creates a new Sitecore role.
-
security-new-userExecute 4/5Creates a new Sitecore user.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
More on Mcp Sitecore
Enforce policy on Mcp Sitecore
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init