High-risk tools in Databricks MCP Server
4 of the 17 tools in Databricks MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
mcp_create_and_run_job_for_notebookExecuteCreate and run a Databricks job for a given notebook path using serverless compute. Returns job/run IDs and Databricks URLs for monitoring.
-
mcp_create_and_run_serverless_dlt_pipelineExecuteCreate and run a serverless Delta Live Tables pipeline for a given notebook path. Returns pipeline/update IDs and Databricks URLs for monitoring.
-
mcp_run_jobExecutemcp_run_job
-
mcp_submit_codeExecutemcp_submit_code
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.