Looker MCP Server

129 tools. 74 can modify or destroy data without limits.

27 destructive tools with no built-in limits. Policy required.

Last updated:

74 can modify or destroy data
55 read-only
129 tools total

Community server · catalogue entry verified 30/06/2026

How to control Looker MCP Server ↓

What Looker MCP Server exposes to your agents

Read (55) Write / Execute (47) Destructive / Financial (27)
Critical Risk

The most dangerous Looker MCP Server tools

74 of Looker MCP Server's 129 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Looker MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Looker MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_board": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_dashboard_filter": {
    "limits": [
      {
        "counter": "add_dashboard_filter_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "audit_instance_health": {
    "limits": [
      {
        "counter": "audit_instance_health_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Looker MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON LOOKER →

Instant setup, no code required.

All 129 Looker MCP Server tools

DESTRUCTIVE 27 tools
Destructive delete_board Delete a board. This action cannot be undone. Destructive delete_board_item Remove an item from a board section. Destructive delete_board_section Delete a board section and all its items. Destructive delete_connection delete_connection Destructive delete_credentials_api3 delete_credentials_api3 Destructive delete_credentials_email delete_credentials_email Destructive delete_credentials_oidc delete_credentials_oidc Destructive delete_credentials_saml delete_credentials_saml Destructive delete_credentials_totp delete_credentials_totp Destructive delete_dashboard Delete a dashboard. This action cannot be undone. Destructive delete_file delete_file Destructive delete_git_branch delete_git_branch Destructive delete_group Delete a group. This action cannot be undone. Destructive delete_look Delete a saved Look. This action cannot be undone. Destructive delete_model_set Delete a model set. This action cannot be undone. Destructive delete_permission_set Delete a permission set. This action cannot be undone. Destructive delete_project delete_project Destructive delete_role Delete a role. This action cannot be undone. Destructive delete_schedule Delete a scheduled delivery plan. Destructive delete_user Delete a user from Looker. This action cannot be undone. Destructive delete_user_attribute delete_user_attribute Destructive delete_user_attribute_user_value delete_user_attribute_user_value Destructive remove_group_from_group remove_group_from_group Destructive remove_group_user Remove a user from a group. Destructive reset_datagroup reset_datagroup Destructive reset_to_production reset_to_production Destructive rollback_to_production rollback_to_production
WRITE 38 tools
Write add_dashboard_filter Add a filter to a dashboard. Write add_group_user Add a user to a group. Write create_board Create a new board with a title and optional description. Write create_board_section Create a new section within a board. Write create_connection create_connection Write create_credentials_api3 create_credentials_api3 Write create_credentials_email Attach email/password credentials to a user so they can log in. Write create_dashboard Create a new empty dashboard in the specified folder. Write create_file create_file Write create_folder Create a new folder inside a parent folder. Write create_git_branch create_git_branch Write create_group Create a new user group. Write create_look create_look Write create_model_set Create a custom model set with specified LookML models. Write create_permission_set Create a custom permission set with specified permissions. Write create_project create_project Write create_role Create a new role with specified permissions and model access. Write create_user create_user Write disable_stale_sessions disable_stale_sessions Write grant_access grant_access Write set_role_groups set_role_groups Write set_role_users set_role_users Write set_user_attribute_group_values set_user_attribute_group_values Write set_user_roles set_user_roles Write terminate_session terminate_session Write update_board Update a board Write update_board_item Update a board item Write update_board_section Update a board section Write update_dashboard Update a dashboard Write update_file update_file Write update_folder Update a folder Write update_group update_group Write update_look Update a Look Write update_model_set Update an existing model set Write update_permission_set Update an existing permission set Write update_role Update an existing role Write update_schedule update_schedule Write update_user_attribute update_user_attribute
READ 55 tools
Read audit_instance_health audit_instance_health Read find_stale_content find_stale_content Read get_board get_board Read get_board_item Get a board item by ID. Read get_board_section Get a board section by ID, including its items. Read get_credentials_api3 get_credentials_api3 Read get_credentials_email get_credentials_email Read get_credentials_ldap get_credentials_ldap Read get_credentials_oidc get_credentials_oidc Read get_credentials_saml get_credentials_saml Read get_datagroup get_datagroup Read get_explore get_explore Read get_file get_file Read get_folder Get a folder by ID, including metadata and content counts. Read get_folder_children get_folder_children Read get_folder_dashboards List all dashboards saved in a specific folder. Read get_folder_looks List all Looks saved in a specific folder. Read get_git_branch Get the currently active Git branch for a LookML project. Read get_git_branch_by_name get_git_branch_by_name Read get_model get_model Read get_project get_project Read get_project_ci_run get_project_ci_run Read get_project_manifest get_project_manifest Read get_query_history get_query_history Read get_role Get detailed information about a specific role. Read get_user Get detailed information about a specific user. Read get_user_attribute get_user_attribute Read get_user_roles Get all roles assigned to a specific user. Read health_analyze health_analyze Read health_pulse health_pulse Read health_vacuum health_vacuum Read list_active_sessions list_active_sessions Read list_boards Search for boards by title or other criteria. Read list_columns list_columns Read list_connection_dialects list_connection_dialects Read list_connections List all database connections configured in the Looker instance. Read list_dashboards Search for dashboards by title, description, or other criteria. Read list_databases List all databases accessible through a Looker connection. Read list_folders Search for folders by name or parent folder. Read list_git_branches List all Git branches for a LookML project. Read list_group_users list_group_users Read list_groups List all user groups in Looker. Read list_looks Search for saved Looks by title, description, or other criteria. Read list_model_sets List all model sets defined in Looker. Read list_models list_models Read list_permission_sets List all permission sets defined in Looker. Read list_permissions list_permissions Read list_projects List all LookML projects in the Looker instance. Read list_roles List all roles defined in Looker. Read list_schedules List all scheduled delivery plans. Read list_schemas List schemas in a database accessible through a Looker connection. Read list_tables List tables in a schema accessible through a Looker connection. Read list_users List all users in the Looker instance. Read query_url query_url Read search_content search_content

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Looker MCP Server

Can an AI agent delete data through the Looker MCP Server MCP server? +

Yes. The Looker MCP Server server exposes 27 destructive tools including delete_board, delete_board_item, delete_board_section. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Looker MCP Server? +

The Looker MCP Server server has 38 write tools including add_dashboard_filter, add_group_user, create_board. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Looker MCP Server.

How many tools does the Looker MCP Server MCP server expose? +

129 tools across 4 categories: Destructive, Execute, Read, Write. 55 are read-only. 74 can modify, create, or delete data.

How do I enforce a policy on Looker MCP Server? +

Register the Looker MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Looker MCP Server tool call.

Deterministic rules across all 129 Looker MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

129 Looker MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.