Critical-risk tools in MCP ClickHouse

Critical severity MCP ClickHouse MCP Server 7 of 55 tools

7 of the 55 tools in MCP ClickHouse are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

cloud_delete_api_key Destructive

Delete an API key.
cloud_delete_clickpipe Destructive

Delete a ClickPipe.
cloud_delete_invitation Destructive

Delete/cancel an invitation.
cloud_delete_query_endpoint_config Destructive

Delete query endpoint configuration for a service (experimental).
cloud_delete_reverse_private_endpoint Destructive

Delete a reverse private endpoint (beta).
cloud_delete_service Destructive

Delete a service (must be stopped first).
cloud_remove_member Destructive

Remove a member from the organization.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Privilege escalation via admin-only tools
Data exfiltration via tool chaining
Runaway Tool Loops

Critical-risk tools in MCP ClickHouse

Tools at critical risk

Attacks that target this class

More on MCP ClickHouse

Enforce policy on every MCP ClickHouse tool call.