Execute SQL queries and commands against the LocalStack Snowflake emulator using the Snowflake CLI (snow). Use this to run SELECT queries, DDL (CREATE/DROP), DML (INSERT/UPDATE/DELETE), SHOW DATABASES/SCHEMAS/TABLES, DESCRIBE TABLE, and any other Snowflake SQL.
AI agents invoke localstack-snowflake-client to trigger actions in Localstack. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
| Parameter | Type | Required | Description |
|---|---|---|---|
role | string | — | Snowflake role to use for this query. |
query | string | — | SQL query to execute (e.g. 'SELECT * FROM mytable', 'SHOW DATABASES', 'CREATE TABLE ...'). Required when action is 'execute' and file_path is not provided. |
action | string | Yes | Action to perform |
schema | string | — | Snowflake schema context for this query. |
database | string | — | Snowflake database context for this query. |
file_path | string | — | Absolute path to a .sql file to execute. Required when action is 'execute' and query is not provided. |
warehouse | string | — | Snowflake warehouse to use for this query. |
Parameters from the server's own tool schema.
This tool executes arbitrary SQL against a Snowflake emulator, including destructive DDL (DROP), data-modifying DML (INSERT/UPDATE/DELETE), and unrestricted 'any other Snowflake SQL'. The blast radius is critical because a misused query could drop databases, delete all records, or corrupt schema — irreversible destructive operations are explicitly within scope.
From the tool's definition Execute SQL queries and commands... run SELECT queries, DDL (CREATE/DROP), DML (INSERT/UPDATE/DELETE), SHOW DATABASES/SCHEMAS/TABLES, DESCRIBE TABLE, and any other Snowflake SQL
Risk signalsAccepts freeform code/query input (query) · Accepts file system path (file_path)
Attacks that exploit this kind of access
Execute SQL queries and commands against the LocalStack Snowflake emulator using the Snowflake CLI (snow). Use this to run SELECT queries, DDL (CREATE/DROP), DML (INSERT/UPDATE/DELETE), SHOW DATABASES/SCHEMAS/TABLES, DESCRIBE TABLE, and any other Snowflake SQL. It is categorised as a Execute tool in the Localstack MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
localstack-snowflake-client accepts 7 parameters: role, query, action, schema, database, file_path, warehouse. Required: action. The full parameter table on this page comes from the server's own tool schema.
Register the Localstack MCP server in PolicyLayer and add a rule for localstack-snowflake-client: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Localstack. Nothing to install.
localstack-snowflake-client is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the localstack-snowflake-client rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for localstack-snowflake-client. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
localstack-snowflake-client is provided by the Localstack MCP server (@localstack/localstack-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →