High-risk tools in MikroTik Cursor MCP
32 of the 452 tools in MikroTik Cursor MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
mikrotik_auto_discovery_ospf_completeExecuteComplete OSPF auto-discovery and configuration for a site
-
mikrotik_bandwidth_testExecuteRun bandwidth test to another MikroTik device
-
mikrotik_clear_bgp_sessionExecuteReset BGP session
-
mikrotik_create_basic_firewall_setupExecuteCreates a basic firewall setup with common security rules
-
mikrotik_create_containerExecuteCreates a container
-
mikrotik_disable_interfaceExecuteDisables a network interface
-
mikrotik_disable_watchdogExecuteDisables the watchdog
-
mikrotik_disable_wireless_interfaceExecuteDisables a wireless interface
-
mikrotik_enable_bridge_vlan_filteringExecuteEnables VLAN filtering on a bridge
-
mikrotik_enable_capsmanExecuteEnables CAPsMAN (Controlled Access Point System Manager)
-
mikrotik_enable_interfaceExecuteEnables a network interface
-
mikrotik_enable_openvpn_clientExecuteEnable OpenVPN client interface (will attempt connection)
-
mikrotik_enable_packageExecuteEnables a package (requires reboot)
-
mikrotik_enable_watchdogExecuteEnables and configures the watchdog
-
mikrotik_enter_safe_modeExecuteEnter MikroTik Safe Mode for safe configuration changes with automatic rollback
-
mikrotik_execute_approved_operationExecuteExecute a previously approved MikroTik operation with full safety measures (Safe Mode, log monitoring, state verification).
-
mikrotik_execute_with_intelligent_workflowExecuteExecute a MikroTik command using intelligent risk-based workflow. Automatically determines if the operation is low-risk (direct execution) or high-risk (approval → safe mode → e...
-
mikrotik_force_exit_safe_modeExecuteForce exit Safe Mode immediately (emergency use only)
-
mikrotik_force_vrrp_masterExecuteForce VRRP interface to become master (sets priority to 255)
-
mikrotik_import_configurationExecuteImports a configuration script file
-
mikrotik_install_updatesExecuteInstalls downloaded package updates (⚠️ reboots router!)
-
mikrotik_pingExecutePing a host from the MikroTik router
-
mikrotik_reboot_systemExecuteReboots the MikroTik device (requires confirmation)
-
mikrotik_run_scheduled_taskExecuteManually runs a scheduled task immediately
-
mikrotik_set_watchdog_ping_targetExecuteSets the ping target for watchdog monitoring (reboots if ping fails)
-
mikrotik_setup_vpn_clientExecuteComplete VPN client setup in one command (creates interface, adds IP, configures peer, tests)
-
mikrotik_sign_certificateExecuteSigns a certificate (self-sign or with CA)
-
mikrotik_start_containerExecuteStarts a container
-
mikrotik_stop_containerExecuteStops a container
-
mikrotik_test_dns_queryExecuteTests a DNS query
-
mikrotik_tracerouteExecuteTraceroute to a host from the MikroTik router
-
mikrotik_update_packagesExecuteChecks for and downloads package updates
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.