High-risk tools in Cloud Manage MCP Server
11 of the 30 tools in Cloud Manage MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
manage_instance_powerExecutemanage_instance_power
-
power_off_alibaba_instanceExecute强制停止阿里云ECS实例(需要三次确认)
-
power_off_digitalocean_dropletExecute强制关闭DigitalOcean Droplet(需要三次确认)
-
power_off_vultr_instanceExecute强制关闭Vultr实例(需要三次确认)
-
power_on_alibaba_instanceExecute启动阿里云ECS实例(需要三次确认)
-
power_on_digitalocean_dropletExecute开启DigitalOcean Droplet(需要三次确认)
-
power_on_vultr_instanceExecute开启Vultr实例(需要三次确认)
-
reboot_alibaba_instanceExecute重启阿里云ECS实例(需要三次确认)
-
reboot_digitalocean_dropletExecute重启DigitalOcean Droplet(需要三次确认)
-
reboot_vultr_instanceExecute重启Vultr实例(需要三次确认)
-
shutdown_digitalocean_dropletExecute优雅关闭DigitalOcean Droplet(需要三次确认)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.