Delete one or more environment variables from your Rails application on Hatchbox. This tool uses the Hatchbox API to remove environment variables, which will take effect on the next deployment. Useful for cleaning up deprecated configuration or removing sensitive data. Example response: Successfu...
AI agents call deleteEnvVars to permanently remove resources in Pointsyeah — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
This is Destructive rather than Execute because the core function is irreversible deletion of application configuration. While it triggers deployment machinery, the primary risk is data loss—environment variables, once deleted, are gone and must be manually re-entered or recovered from version control if backed up elsewhere.
From the tool's definition Tool name is 'deleteEnvVars' and description explicitly states it 'Delete[s] one or more environment variables from your Rails application'.
Attacks that exploit this kind of access
Delete one or more environment variables from your Rails application on Hatchbox. This tool uses the Hatchbox API to remove environment variables, which will take effect on the next deployment. Useful for cleaning up deprecated configuration or removing sensitive data. Example response: Successfully deleted environment variables: OLD_API_KEY, DEPRECATED_FLAG 23 environment variables remaining. Use cases: - Removing deprecated API keys or credentials - Cleaning up after feature flag removal - Removing temporary configuration values - Deleting test or staging variables from production - Removing unused third-party service configurations - Batch cleanup of multiple obsolete variables Important notes: - Changes require a deployment to take effect - Deleted variables cannot be recovered - verify before deletion - Use getEnvVars to see current variables before deletion - Requires READONLY=false in configuration - Be cautious when deleting critical variables like database URLs. It is categorised as a Destructive tool in the Pointsyeah MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Pointsyeah MCP server in PolicyLayer and add a rule for deleteEnvVars: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Pointsyeah. Nothing to install.
deleteEnvVars is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the deleteEnvVars rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for deleteEnvVars. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
deleteEnvVars is provided by the Pointsyeah MCP server (slack-workspace-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →