// SCAN REPORT

Tree Sitter

26 tools. 6 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

6 can modify or destroy data
20 read-only
26 tools total

Community server · catalogue entry verified 11/06/2026

How to control Tree Sitter ↓

TOOL MAP

Read (20) Write / Execute (4) Destructive / Financial (2)

MOST DANGEROUS TOOLS

Critical Risk
Destructive · Low clear_cache Clearing a cache is irreversible in that the cached parse trees are discarded and cannot be recovered (they must be recomputed). Destructive · High remove_project_tool This tool irreversibly deletes registered project state from the MCP server's configuration. Execute · Medium build_query Although the description is empty (lowering confidence slightly), the tool name and server context suggest this constructs and likely executes queries against code. Execute · High run_query This tool likely executes tree-sitter queries or similar code analysis operations whose effects depend on the query arguments provided by the user/AI.

6 of Tree Sitter's 26 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL TREE SITTER

PolicyLayer is an MCP gateway — it sits between your AI agents and Tree Sitter, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "clear_cache": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "configure": {
    "limits": [
      {
        "counter": "configure_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "adapt_query": {
    "limits": [
      {
        "counter": "adapt_query_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Tree Sitter — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON TREE SITTER →

Free to start. No card required.

ALL 26 TREE SITTER TOOLS

DESTRUCTIVE 2 tools
Destructive clear_cache Clear the parse tree cache. Args: project: Optional project to clear cache for Destructive remove_project_tool Remove a registered project. Args: name: Project name Returns: Succe
EXECUTE 2 tools
Execute build_query build_query Execute run_query run_query
WRITE 2 tools
Write configure Configure the server. Args: config_path: Path to YAML config file cache_enabl Write register_project_tool Register a project directory for code exploration. Args: path: Path to the project direct
READ 20 tools
Read adapt_query Adapt a query from one language to another. Args: query: Original query string Read analyze_complexity Analyze code complexity. Args: project: Project name file_path: Path to the f Read analyze_project Analyze overall project structure. Args: project: Project name scan_depth: De Read check_language_available Check if a tree-sitter language parser is available. Args: language: Language to check Read diagnose_config Diagnose issues with YAML configuration loading. Args: config_path: Path to YAML config f Read find_similar_code Find code structurally similar to a snippet using AST fingerprinting. Parses the snippet and candidat Read find_text find_text Read find_usage Find usage of a symbol. Args: project: Project name symbol: Symbol name to fi Read get_ast Get abstract syntax tree for a file. Args: project: Project name path: File p Read get_dependencies Find dependencies of a file. Args: project: Project name file_path: Path to t Read get_file Get content of a file. Args: project: Project name path: File path relative t Read get_file_metadata Get metadata for a file. Args: project: Project name path: File path relative Read get_node_at_position Find the AST node at a specific position. Args: project: Project name path: F Read get_node_types Get descriptions of common node types for a language. Args: language: Language name Read get_query_template_tool get_query_template_tool Read get_symbols Extract symbols from a file. Args: project: Project name file_path: Path to t Read list_files list_files Read list_languages List available languages. Returns: Information about available languages Read list_projects_tool List all registered projects. Returns: List of project information Read list_query_templates_tool List available query templates. Args: language: Optional language to filter by R

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
adminautomation
Binance MCP Server 734 tools
adminautomation
Nodebench 724 tools
adminautomation
GoHighLevel MCP Server 566 tools
adminautomation
UnClick 451 tools
adminautomation
NowAIKit — ServiceNow AI Toolkit 446 tools
adminautomation
Mcp Windows 441 tools
adminautomation
0nmcp 407 tools
adminautomation

FAQ

Can an AI agent delete data through the Tree Sitter MCP server? +

Yes. The Tree Sitter server exposes 2 destructive tools including clear_cache, remove_project_tool. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Tree Sitter? +

The Tree Sitter server has 2 write tools including configure, register_project_tool. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Tree Sitter.

How many tools does the Tree Sitter MCP server expose? +

26 tools across 4 categories: Destructive, Execute, Read, Write. 20 are read-only. 6 can modify, create, or delete data.

How do I enforce a policy on Tree Sitter? +

Register the Tree Sitter MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Tree Sitter tool call.

Deterministic rules across all 26 Tree Sitter tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON TREE SITTER →

Free to start. No card required.

26 Tree Sitter tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.