get_database_stats

THE RISK

Low Risk

This tool retrieves database metadata and statistics without creating, modifying, deleting, or executing operations. It has no side effects and does not impact database state.

From the tool's definition Tool name 'get_database_stats' and description 'Get statistics and information about a database' indicate data retrieval with no modifications. The verb 'Get' and context of 'statistics and information' are consistent with read-only operations.

Documented attack patterns abuse exactly the kind of access get_database_stats gives an agent:

HOW TO CONTROL GET_DATABASE_STATS

PolicyLayer is an MCP gateway — it sits between your AI agents and DBeaver MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for get_database_stats:

policy.json

{
  "version": "1",
  "default": "deny",
  "tools": {
    "get_database_stats": {}
  }
}

get_database_stats is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.

Create a free account and register DBeaver MCP Server — nothing to install.
Add this policy — paste it, or build it visually.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

CAP THIS TOOL →

Free to start. No card required.

EXPLORE

FAQ

What does the get_database_stats tool do? +

Get statistics and information about a database. It is categorised as a Read tool in the DBeaver MCP Server MCP Server, which means it retrieves data without modifying state.

How do I enforce a policy on get_database_stats? +

Register the DBeaver MCP Server MCP server in PolicyLayer and add a rule for get_database_stats: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches DBeaver MCP Server. Nothing to install.

What risk level is get_database_stats? +

get_database_stats is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit get_database_stats? +

Yes. Add a rate_limit block to the get_database_stats rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block get_database_stats completely? +

Set action: deny in the PolicyLayer policy for get_database_stats. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides get_database_stats? +

get_database_stats is provided by the DBeaver MCP Server MCP server (srthkdev/omnisql-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

Enforce policy on every DBeaver MCP Server tool call.

Deterministic rules across all 21 DBeaver MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN DBEAVER →

Free to start. No card required.

21 DBeaver MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// WHAT GET_DATABASE_STATS ON DBEAVER MCP SERVER DOES

// THE RISK

// HOW TO CONTROL GET_DATABASE_STATS

// EXPLORE

More DBeaver MCP Server tools

Read tools on other servers

Go deeper

// FAQ

Enforce policy on every DBeaver MCP Server tool call.

WHAT GET_DATABASE_STATS ON DBEAVER MCP SERVER DOES

THE RISK

HOW TO CONTROL GET_DATABASE_STATS

EXPLORE

FAQ