cmake · Github MCP: Risk & Policy

WHAT IT DOES

What cmake does on Github

AI agents invoke cmake to trigger actions in Github. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.

WHY IT NEEDS A POLICY

Why cmake needs a policy

CMake operations constitute executing build system commands that compile code and run tests. The 'build' and 'test' actions in particular can execute arbitrary code defined in CMakeLists.txt files and invoke compilers/linkers with side effects that depend on project configuration. While not directly shell command execution, this is functionally equivalent to running code.

From the tool's definition Tool performs "configure, build, test, list-presets, install, clean" operations via CMake build system. These are code compilation and execution operations that run arbitrary build configurations and can trigger external commands.

Attacks that exploit this kind of access

Recommended rule Ready

Verdict

cmake Rate-limited

cmake stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

View as policy code

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "cmake": {
      "limits": [
        {
          "counter": "cmake_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

RATE-LIMIT THIS TOOL →

Instant setup, no code required.

PolicyLayer is an MCP gateway: every tool call is checked against your rule before it reaches Github, so you can run agents against it safely.

FAQ

Questions about cmake

What does the cmake tool do? +

CMake build system operations: configure, build, test, list-presets, install, clean. It is categorised as a Execute tool in the Github MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on cmake? +

Register the Github MCP server in PolicyLayer and add a rule for cmake: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Github. Nothing to install.

What risk level is cmake? +

cmake is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit cmake? +

Yes. Add a rate_limit block to the cmake rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block cmake completely? +

Set action: deny in the PolicyLayer policy for cmake. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides cmake? +

cmake is provided by the Github MCP server (@paretools/github). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.