High-risk tools in Mcp Sitecore
17 of the 153 tools in Mcp Sitecore are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
common-invoke-workflow-by-idExecuteExecutes workflow action for a Sitecore item by its ID.
-
common-invoke-workflow-by-pathExecuteExecutes workflow action for a Sitecore item by its path.
-
common-new-item-clone-by-idExecuteCreates a new item clone based on the item provided by its ID.
-
common-new-item-clone-by-pathExecuteCreates a new item clone based on the item provided by its path.
-
common-new-item-workflow-event-by-idExecuteCreates a new entry in the workflow history for a Sitecore item by its ID.
-
common-new-item-workflow-event-by-pathExecuteCreates a new entry in the workflow history for a Sitecore item by its path.
-
common-restart-applicationExecuteRestarts the Sitecore Application pool.
-
indexing-initialize-search-indexExecuteInitialize one or more Sitecore search indexes. If no name is provided, all indexes will be initialized.
-
indexing-initialize-search-index-item-by-idExecuteRebuilds the index for a given tree with the specified root item by id and index name. Supports wildcard filtering for the index name.
-
indexing-initialize-search-index-item-by-pathExecuteRebuilds the index for a given tree with the specified root item by path and index name. Supports wildcard filtering for the index name.
-
indexing-stop-search-indexExecuteStop one or more Sitecore search indexes. If no name is provided, all running indexes will be stopped.
-
item-service-run-stored-queryExecuteRun a stored Sitecore query by its definition item ID.
-
item-service-run-stored-searchExecuteRun a stored Sitecore search by its definition item ID.
-
run-powershell-scriptExecuteRuns a PowerShell script and returns the output.
-
security-new-domainExecuteCreates a new Sitecore domain.
-
security-new-roleExecuteCreates a new Sitecore role.
-
security-new-userExecuteCreates a new Sitecore user.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.