Execute a read-only SQL query (SELECT/WITH/SHOW) against the KingBase database. Returns query results as a formatted table. Use parameterized queries ($1, $2, ...) for safe value substitution. Only read-only statements are allowed. For INSERT/UPDATE/DELETE use kb_execute; for DDL use kb_execute_d...
AI agents call kb_query to retrieve information from Kingbase without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
sql | string | Yes | SELECT query to execute. Only read-only statements are allowed. |
params | array | — | Optional parameterized query values ($1, $2, ...) |
schema | string | — | Schema name for tables without explicit schema prefix (default: from DB_SCHEMA env or 'public'). When specified, unqualified table names will be automatically p |
Parameters from the server's own tool schema.
This tool is restricted to read-only SELECT, WITH, and SHOW queries with no side effects. It retrieves data from the KingBase database without modifying, deleting, or executing code. The parameterized query support ($1, $2, ...) further mitigates SQL injection risks. Low severity because misuse results only in information disclosure, not data loss or system compromise.
From the tool's definition Tool description explicitly states 'Execute a read-only SQL query (SELECT/WITH/SHOW)' and 'Only read-only statements are allowed. For INSERT/UPDATE/DELETE use kb_execute; for DDL use kb_execute_ddl.'
Risk signalsAccepts freeform code/query input (sql)
Attacks that exploit this kind of access
Execute a read-only SQL query (SELECT/WITH/SHOW) against the KingBase database. Returns query results as a formatted table. Use parameterized queries ($1, $2, ...) for safe value substitution. Only read-only statements are allowed. For INSERT/UPDATE/DELETE use kb_execute; for DDL use kb_execute_ddl. 🔑 Auto-schema feature: Unqualified table names (without schema prefix) are automatically qualified with the configured schema (DB_SCHEMA env var). You can optionally override this with the 'schema' parameter. Args: - sql (string): The SELECT query to execute - params (array, optional): Parameter values for $1, $2, ... placeholders - schema (string, optional): Override the default schema for auto-qualifying table names Returns: Formatted table of query results with row count. Examples: - sql: "SELECT * FROM biz_cm_attachment LIMIT 5" (auto-qualified with configured schema) - sql: "SELECT * FROM users WHERE status = $1", params: ["active"] - sql: "SELECT * FROM public.sys_user" (explicit schema, not auto-qualified). It is categorised as a Read tool in the Kingbase MCP Server, which means it retrieves data without modifying state.
kb_query accepts 3 parameters: sql, params, schema. Required: sql. The full parameter table on this page comes from the server's own tool schema.
Register the Kingbase MCP server in PolicyLayer and add a rule for kb_query: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Kingbase. Nothing to install.
kb_query is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the kb_query rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for kb_query. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
kb_query is provided by the Kingbase MCP server (kingbase-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →