// SCAN REPORT

dbt CLI MCP Server

9 tools. 7 can modify or destroy data without limits.

7 write tools that can modify data. Rate limits recommended.

Last updated: 11 Jun 2026

7 can modify or destroy data

2 read-only

9 tools total

Community server · catalogue entry verified 11/06/2026

How to control dbt CLI MCP Server ↓

TOOL MAP

What dbt CLI MCP Server exposes to your agents

Read (2) Write / Execute (7) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

High Risk

The most dangerous dbt CLI MCP Server tools

Execute · High dbt_build dbt build combines dbt run and dbt test operations, executing data transformation logic that modifies database state. Execute · High dbt_compile dbt_compile executes code transformation logic whose output depends on project configuration and arguments. Execute · High dbt_debug dbt_debug typically triggers diagnostic operations against dbt projects and connected data warehouses. Execute · Medium dbt_deps dbt deps downloads and executes dependency installation, which involves fetching external code and writing it to the local filesystem.

7 of dbt CLI MCP Server's 9 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control dbt CLI MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and dbt CLI MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations

{
  "dbt_ls": {
    "limits": [
      {
        "counter": "dbt_ls_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register dbt CLI MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON DBT CLI →

Free to start. No card required.

FULL CATALOGUE

All 9 dbt CLI MCP Server tools

EXECUTE 7 tools

Execute dbt_build dbt_build Execute dbt_compile dbt_compile Execute dbt_debug dbt_debug Execute dbt_deps dbt_deps Execute dbt_run dbt_run Execute dbt_seed dbt_seed Execute dbt_test dbt_test

READ 2 tools

Read dbt_ls dbt_ls Read dbt_show dbt_show

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about dbt CLI MCP Server

Is the dbt CLI MCP Server MCP server safe to use without restrictions? +

The dbt CLI MCP Server server is primarily read-only with 2 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the dbt CLI MCP Server MCP server expose? +

9 tools across 2 categories: Execute, Read. 2 are read-only. 7 can modify, create, or delete data.

How do I enforce a policy on dbt CLI MCP Server? +

Register the dbt CLI MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every dbt CLI MCP Server tool call.

Deterministic rules across all 9 dbt CLI MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON DBT CLI →

Free to start. No card required.

9 dbt CLI MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.