High-risk tools in Salesforce CLI MCP Server
9 of the 38 tools in Salesforce CLI MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
deploy_startExecuteDeploy source code from a Salesforce project to an org. This command must be run from within a Salesforce DX project directory. Use various flags to control what gets deployed (...
-
execute_anonymous_apexExecuteExecute Apex code in a Salesforce Org from a project. This command allows you to run Apex code directly against a specified Salesforce Org. The code is executed in the context o...
-
execute_soql_queryExecuteExecute a raw SOQL query against a Salesforce Org from a project. This command allows you to execute any SOQL query with complete control over the query structure. The query is ...
-
login_into_orgExecuteAuthenticate and login to a Salesforce org via web browser. This command opens a browser window for OAuth authentication flow, allowing you to securely connect to a Salesforce o...
-
openExecuteOpen your Salesforce org in a browser. To open a specific page, specify the portion of the URL after
-
run_apex_testsExecuteRun Apex tests in a Salesforce Org from a project. This command allows you to execute unit tests with various options including test level, specific classes, suites, and code co...
-
run_code_analyzerExecuteAnalyze your code from a project with a selection of rules to ensure good coding practices. You can scan your codebase with the recommended rules. Or use flags to filter the rul...
-
scanner_runExecuteScan a codebase from a project with a selection of rules. Evaluates rules against specified files and outputs results. When invoked without specifying any rules, all rules are r...
-
scanner_run_dfaExecuteRun Salesforce Graph Engine from a project to scan Apex code for data flow analysis issues. This performs path-based analysis to identify complex issues like SQL injection, SOQL...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.