High-risk tools in Synology MCP Server
9 of the 70 tools in Synology MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
install_dsm_updateExecuteDownload and install an available DSM update, then reboot. [control][power]
-
manage_downloadExecutePause, resume or delete download tasks. [control]
-
reboot_nasExecuteReboot the NAS. [control][power] Requires SYNOLOGY_ENABLE_POWER_CONTROL=true.
-
run_backup_taskExecuteStart a Hyper Backup task immediately. [control]
-
run_scheduled_taskExecuteTrigger a scheduled task to run immediately. [control]
-
set_container_stateExecuteStart, stop or restart a Docker container. [control]
-
set_file_serviceExecuteEnable or disable a file-sharing protocol. [control]
-
set_package_stateExecuteStart or stop an installed package. [control]
-
set_vm_stateExecutePower a virtual machine on or off. [control]
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.