내장된 업종코드↔KSIC 매핑 DB의 생성 시각, 원본 CSV 경로, 귀속연도, 레코드 수를 반환합니다. DB 신선도 확인용.
AI agents call upjong_db_info to retrieve information from Taxlaw Nts without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool only retrieves and reports static metadata about a database mapping table. It performs no writes, deletions, executions, or financial operations—only data retrieval. The stated purpose (freshness checking) confirms passive information gathering. Blast radius is minimal: misuse would only expose internal database metadata, not alter systems or trigger external actions.
From the tool's definition Tool returns metadata about an embedded database: 'creation time, original CSV path, attribution year, record count' (생성 시각, 원본 CSV 경로, 귀속연도, 레코드 수).
Attacks that exploit this kind of access
내장된 업종코드↔KSIC 매핑 DB의 생성 시각, 원본 CSV 경로, 귀속연도, 레코드 수를 반환합니다. DB 신선도 확인용. It is categorised as a Read tool in the Taxlaw Nts MCP Server, which means it retrieves data without modifying state.
Register the Taxlaw Nts MCP server in PolicyLayer and add a rule for upjong_db_info: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Taxlaw Nts. Nothing to install.
upjong_db_info is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the upjong_db_info rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for upjong_db_info. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
upjong_db_info is provided by the Taxlaw Nts MCP server (kim-go-chon/taxlaw-nts-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →