High-risk tools in Grafana MCP Server
12 of the 80 tools in Grafana MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
diagnose_dropsExecuteRun a comprehensive diagnostic battery against a sensor to identify where drops are occurring and why.
-
discover_sensorsExecuteScan ports for active SSH-tunneled Corelight sensor Grafana instances.
-
fleet_regression_sweepExecuteRun a regression sweep across all discovered sensors against a specific build.
-
fleet_verdictExecuteRun performance verdict against all discovered sensors in parallel. Returns per-sensor results and fleet summary.
-
ixia_set_rateExecuteSet the Ixia traffic replayer to a specific rate in Gbps.
-
ixia_stopExecuteStop the Ixia traffic replayer. Halts all traffic generation on the specified replayer.
-
query_lokiExecuteExecute a LogQL query against a Loki datasource to search logs
-
query_prometheusExecuteExecute a PromQL query against a Prometheus datasource
-
query_sensor_metricExecuteExecute arbitrary PromQL against a sensor\
-
start_ramp_testExecuteStart a RAMP performance test on the RAMP server.
-
stop_ramp_testExecuteStop a running RAMP test by killing its tmux session on the RAMP server.
-
test_contact_pointExecuteSend a test notification to a contact point
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.