// SCAN REPORT

Awslabs Valkey

105 tools. 47 can modify or destroy data without limits.

6 destructive tools with no built-in limits. Policy required.

Last updated:

47 can modify or destroy data
58 read-only
105 tools total
// TOOL MAP
Read (58) Write / Execute (41) Destructive / Financial (6)
// WHAT CAN GO WRONG

Destructive tools (delete, json_clear, json_del) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (bitmap_set, expire, hash_set) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (bitmap_pos, json_arrindex, json_arrtrim) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

// RECOMMENDED RULES
Deny destructive operations
delete:
  rules:
    - action: deny

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
bitmap_set:
  rules:
    - rate_limit: 30/hour

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
bitmap_count:
  rules:
    - rate_limit: 60/minute

Controls API costs and prevents retry loops from exhausting upstream rate limits.

// ALL 105 AWSLABS VALKEY TOOLS
DESTRUCTIVE 6 tools
Destructive delete Destructive json_clear Destructive json_del Destructive stream_delete Destructive stream_group_delete_consumer Destructive stream_group_destroy
EXECUTE 4 tools
Execute bitmap_pos Execute json_arrindex Execute json_arrtrim Execute stream_range
WRITE 37 tools
Write bitmap_set Write expire Write hash_set Write hash_set_if_not_exists Write hash_set_multiple Write hll_add Write json_set Write json_type Write rename Write set_add Write set_cardinality Write set_contains Write set_members Write set_move Write set_pop Write set_random_member Write set_remove Write sorted_set_add Write sorted_set_add_incr Write sorted_set_cardinality Write sorted_set_popmax Write sorted_set_popmin Write sorted_set_range Write sorted_set_range_by_lex Write sorted_set_range_by_score Write sorted_set_rank Write sorted_set_remove Write sorted_set_remove_by_lex Write sorted_set_remove_by_rank Write sorted_set_remove_by_score Write sorted_set_score Write stream_add Write stream_group_create Write stream_group_set_id Write string_set Write string_set_range Write type
READ 58 tools
Read bitmap_count Read bitmap_get Read client_list Read dbsize Read hash_exists Read hash_get Read hash_get_all Read hash_increment Read hash_keys Read hash_length Read hash_random_field Read hash_random_field_with_values Read hash_strlen Read hash_values Read hll_count Read info Read json_arrappend Read json_arrlen Read json_arrpop Read json_get Read json_numincrby Read json_nummultby Read json_objkeys Read json_objlen Read json_strappend Read json_strlen Read json_toggle Read list_append Read list_append_multiple Read list_get Read list_insert_after Read list_insert_before Read list_length Read list_move Read list_pop_left Read list_pop_right Read list_position Read list_prepend Read list_prepend_multiple Read list_range Read list_remove Read list_set Read list_trim Read stream_info Read stream_info_consumers Read stream_info_groups Read stream_length Read stream_read Read stream_read_group Read stream_trim Read string_append Read string_decrement Read string_get Read string_get_range Read string_get_set Read string_increment Read string_increment_float Read string_length
// FAQ
Can an AI agent delete data through the Awslabs Valkey MCP server? +

Yes. The Awslabs Valkey server exposes 6 destructive tools including delete, json_clear, json_del. These permanently remove resources with no undo. Intercept blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Awslabs Valkey? +

The Awslabs Valkey server has 37 write tools including bitmap_set, expire, hash_set. Set rate limits in your policy file -- for example, rate_limit: 10/hour prevents an agent from making more than 10 modifications per hour. Intercept enforces this at the transport layer.

How many tools does the Awslabs Valkey MCP server expose? +

105 tools across 4 categories: Destructive, Execute, Read, Write. 58 are read-only. 47 can modify, create, or delete data.

How do I add Intercept to my Awslabs Valkey setup? +

One line change. Instead of running the Awslabs Valkey server directly, prefix it with Intercept: intercept -c amazon-elasticache-memorydb-valkey-mcp-server.yaml -- npx -y @awslabs.valkey-mcp-server. Download a pre-built policy from policylayer.com/policies/amazon-elasticache-memorydb-valkey-mcp-server and adjust the limits to match your use case.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies available for each. Same risk classification, same one-command setup.

Mcp Api 314 tools
adminautomation
Aibtc 308 tools
adminautomation
SmartBear MCP 243 tools
adminautomation
Google Super 200 tools
adminautomation
Arcane 180 tools
adminautomation
Propresenter 177 tools
adminautomation
Leaper Vision Toolkit 169 tools
adminautomation
Opencut Controller 161 tools
adminautomation

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.