High-risk tools in Fleet

High severity Fleet MCP Server 5 of 39 tools

5 of the 39 tools in Fleet are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

fleet_audit_run Execute

Run an App Store compliance audit on a mobile app project via greenlight preflight.
fleet_deploy Execute

Deploy an app: build and restart
fleet_secrets_unseal Execute

Decrypt vault to /run/fleet-secrets/. WARNING: This overwrites any runtime changes that were not sealed back to the vault. Use fleet_secrets_drift first to check for unsaved cha...
fleet_deps_scan Execute

Run a fresh dependency scan across all registered apps
fleet_git_push Execute

Push current branch to origin

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Fleet

Tools at high risk

Attacks that target this class

More on Fleet

Enforce policy on every Fleet tool call.