// SCAN REPORT

MCP ClickHouse

55 tools. 27 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

27 can modify or destroy data
28 read-only
55 tools total

Community server · catalogue entry verified 12/06/2026

How to control MCP ClickHouse ↓

TOOL MAP

What MCP ClickHouse exposes to your agents

Read (28) Write / Execute (20) Destructive / Financial (7)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous MCP ClickHouse tools

Destructive · High cloud_delete_api_key Deletion of API keys is a destructive action that cannot be undone. Destructive · High cloud_delete_clickpipe The tool performs an irreversible deletion operation on a ClickHouse Cloud resource (ClickPipe). Destructive · Medium cloud_delete_invitation This tool irreversibly deletes data (an invitation record) and cannot be undone. Destructive · High cloud_delete_query_endpoint_config This tool irreversibly deletes a query endpoint configuration, which is a destructive operation.

27 of MCP ClickHouse's 55 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MCP ClickHouse

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP ClickHouse, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cloud_delete_api_key": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "cloud_create_api_key": {
    "limits": [
      {
        "counter": "cloud_create_api_key_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "cloud_get_activity": {
    "limits": [
      {
        "counter": "cloud_get_activity_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP ClickHouse — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP CLICKHOUSE →

Free to start. No card required.

FULL CATALOGUE

All 55 MCP ClickHouse tools

DESTRUCTIVE 7 tools
Destructive cloud_delete_api_key Delete an API key. Destructive cloud_delete_clickpipe Delete a ClickPipe. Destructive cloud_delete_invitation Delete/cancel an invitation. Destructive cloud_delete_query_endpoint_config Delete query endpoint configuration for a service (experimental). Destructive cloud_delete_reverse_private_endpoint Delete a reverse private endpoint (beta). Destructive cloud_delete_service Delete a service (must be stopped first). Destructive cloud_remove_member Remove a member from the organization.
EXECUTE 3 tools
Execute run_query Run a query in a ClickHouse database. Execute cloud_update_clickpipe_state Start, stop, or resync a ClickPipe. Execute cloud_update_service_state Start or stop a service.
WRITE 17 tools
Write cloud_create_api_key cloud_create_api_key Write cloud_create_clickpipe cloud_create_clickpipe Write cloud_create_invitation Create an invitation to join the organization. Write cloud_create_query_endpoint_config cloud_create_query_endpoint_config Write cloud_create_reverse_private_endpoint cloud_create_reverse_private_endpoint Write cloud_create_service cloud_create_service Write cloud_create_service_private_endpoint Create a new private endpoint for a service. Write cloud_update_api_key cloud_update_api_key Write cloud_update_backup_configuration cloud_update_backup_configuration Write cloud_update_clickpipe cloud_update_clickpipe Write cloud_update_clickpipe_scaling cloud_update_clickpipe_scaling Write cloud_update_member_role Update organization member role. Write cloud_update_organization Update organization details. Write cloud_update_service cloud_update_service Write cloud_update_service_password cloud_update_service_password Write cloud_update_service_replica_scaling cloud_update_service_replica_scaling Write cloud_update_service_scaling cloud_update_service_scaling
READ 28 tools
Read cloud_get_activity Get details of a specific activity. Read cloud_get_api_key Get details of a specific API key. Read cloud_get_available_regions Get information about available cloud regions. Read cloud_get_backup Get details of a specific backup. Read cloud_get_backup_configuration Get backup configuration for a service. Read cloud_get_clickpipe Get details of a specific ClickPipe. Read cloud_get_invitation Get details of a specific invitation. Read cloud_get_member Get details of a specific organization member. Read cloud_get_organization Get details of a specific organization. Read cloud_get_organization_metrics Get Prometheus metrics for all services in an organization. Read cloud_get_organization_private_endpoint_info Get private endpoint information for organization. Read cloud_get_private_endpoint_config Get private endpoint configuration for a service. Read cloud_get_query_endpoint_config Get query endpoint configuration for a service (experimental). Read cloud_get_reverse_private_endpoint Get details of a specific reverse private endpoint (beta). Read cloud_get_service Get details of a specific service. Read cloud_get_service_metrics Get Prometheus metrics for a service. Read cloud_get_usage_cost cloud_get_usage_cost Read cloud_list_activities List organization activities (audit log). Read cloud_list_api_keys List all API keys in an organization. Read cloud_list_backups List all backups for a service. Read cloud_list_clickpipes List all ClickPipes for a service. Read cloud_list_invitations List all pending invitations for an organization. Read cloud_list_members List all members in an organization. Read cloud_list_organizations List available ClickHouse Cloud organizations. Read cloud_list_reverse_private_endpoints List all reverse private endpoints for a service (beta). Read cloud_list_services List all services in an organization. Read list_databases List available ClickHouse databases. Read list_tables list_tables
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about MCP ClickHouse

Can an AI agent delete data through the MCP ClickHouse MCP server? +

Yes. The MCP ClickHouse server exposes 7 destructive tools including cloud_delete_api_key, cloud_delete_clickpipe, cloud_delete_invitation. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP ClickHouse? +

The MCP ClickHouse server has 17 write tools including cloud_create_api_key, cloud_create_clickpipe, cloud_create_invitation. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP ClickHouse.

How many tools does the MCP ClickHouse MCP server expose? +

55 tools across 4 categories: Destructive, Execute, Read, Write. 28 are read-only. 27 can modify, create, or delete data.

How do I enforce a policy on MCP ClickHouse? +

Register the MCP ClickHouse MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP ClickHouse tool call.

Deterministic rules across all 55 MCP ClickHouse tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP CLICKHOUSE →

Free to start. No card required.

55 MCP ClickHouse tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.