High-risk tools in Google Cloud NetApp Volumes MCP Server
8 of the 85 tools in Google Cloud NetApp Volumes MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
gcnv_kms_config_verifyExecuteVerifies KMS config reachability after granting CMEK permissions; typically run after following the instructions returned by gcnv_kms_config_get when state is KEY_CHECK_PENDING
-
gcnv_replication_establish_peeringExecuteEstablishes replication peering between clusters
-
gcnv_replication_resumeExecuteResumes a paused replication
-
gcnv_replication_reverse_directionExecuteReverses the direction of an existing replication
-
gcnv_replication_stopExecuteStops an active replication
-
gcnv_replication_syncExecuteSyncs the replication - invokes one time volume data transfer from source to destination
-
gcnv_storage_pool_validate_directory_serviceExecuteValidates directory service policy attached to a storage pool
-
ontap_executeExecuteExecutes an ONTAP REST API call on an ONTAP expert mode pool.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.