High-risk tools in Mcp Cloudron
6 of the 36 tools in Mcp Cloudron are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cloudron_apply_updateExecuteApply available Cloudron platform update. DESTRUCTIVE OPERATION - services will restart during update. Performs pre-flight validation to check update is available and recommends...
-
cloudron_cancel_taskExecuteCancel a running async operation (kill switch). Returns updated task status with state
-
cloudron_control_appExecuteControl app lifecycle (start, stop, restart). Returns 202 Accepted with task ID for async operation tracking via cloudron_task_status.
-
cloudron_install_appExecuteInstall application from Cloudron App Store with pre-flight validation. Calls F23a (cloudron_validate_manifest) to verify app exists and F36 (cloudron_check_storage) to ensure s...
-
cloudron_repair_appExecuteRepair a broken application. Attempts automatic repair of apps in error state. Use when an app is unhealthy or has installation issues. Returns task ID for async operation track...
-
cloudron_update_appExecuteUpdate an application to a newer version. Performs pre-flight validation to check app exists and is in installed state. Returns task ID for async operation tracking via cloudron...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.