roam_datomic_query

THE RISK

High Risk

Why roam_datomic_query needs a policy

This tool executes arbitrary Datomic (Datalog) queries against the Roam graph. While Datomic is primarily a read-oriented query language, custom queries can be used to access any data in the graph and may support transaction functions or destructive operations depending on Roam's API exposure. The open-ended nature of 'custom' queries with no stated restrictions elevates severity.

From the tool's definition "Execute a custom Datomic query on the Roam graph" — arbitrary query execution with no stated restrictions

Documented attack patterns abuse exactly the kind of access roam_datomic_query gives an agent:

POLICY

How to control roam_datomic_query

PolicyLayer is an MCP gateway — it sits between your AI agents and Roam Research MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for roam_datomic_query:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "roam_datomic_query": {
      "limits": [
        {
          "counter": "roam_datomic_query_rate",
          "window": "minute",
          "max": 10,
          "scope": "grant"
        }
      ]
    }
  }
}

roam_datomic_query stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.

Create a free account and register Roam Research MCP Server — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

RATE-LIMIT THIS TOOL →

Free to start. No card required.

EXPLORE

Related tools and policies

More Roam Research MCP Server tools

Destructive roam_delete_block Delete a single block from the graph by its UID. Destructive roam_delete_page Delete a page and all of its blocks from the graph by its UID. Write roam_add_todo Add a list of todo items as individual blocks to today's daily page in Roam. Write roam_create_block Add a new block to an existing Roam page. If no page specified, adds to today's daily note Write roam_create_outline roam_create_outline Write roam_create_page roam_create_page Write roam_import_markdown roam_import_markdown Write roam_remember Add a memory or piece of information to remember, stored on the daily page with tag.

All 26 Roam Research MCP Server tools →

Execute tools on other servers

Android Forensics ADB MCP Server adb_shell_command EMBA-MCP run_emba_scan Frida Game Hacking MCP remove_breakpoint Procmon request_elevation

Go deeper

High-risk tools in Roam Research MCP Server → Every high-risk tool this server exposes, in one view.
All high-risk MCP tools → Every high-risk tool across the catalogue, and the policy pattern that contains them.
The MCP Attack Database → Documented attack patterns against MCP deployments — and the policies that stop them.
Agent sandbox → Bounding what an agent can execute and where the boundary should sit.
Least privilege for MCP → Granting agents the minimum tool surface the task needs.
Rate Limiting MCP Tool Calls: A Practical Guide →
MCP Security: Why Prompt Guardrails Aren't Enough →

FAQ

Questions about roam_datomic_query

What does the roam_datomic_query tool do? +

Execute a custom Datomic query on the Roam graph beyond the available search tools. It is categorised as a Execute tool in the Roam Research MCP Server MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.

How do I enforce a policy on roam_datomic_query? +

Register the Roam Research MCP Server MCP server in PolicyLayer and add a rule for roam_datomic_query: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Roam Research MCP Server. Nothing to install.

What risk level is roam_datomic_query? +

roam_datomic_query is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.

Can I rate-limit roam_datomic_query? +

Yes. Add a rate_limit block to the roam_datomic_query rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block roam_datomic_query completely? +

Set action: deny in the PolicyLayer policy for roam_datomic_query. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides roam_datomic_query? +

roam_datomic_query is provided by the Roam Research MCP Server MCP server (philosolares/roam-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every Roam Research MCP Server tool call.

Start from Roam Research MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →