AI agents use redis_set to create or update resources in Db — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Db environment.
Redis SET commands modify data reversibly—keys can be updated or deleted later. There is no permanent destruction, code execution, or financial impact. The medium severity reflects that unintended writes to Redis could corrupt application state or cache, but the blast radius is limited compared to destructive operations.
From the tool's definition Tool name 'redis_set' and description '设置 Redis 键的值' (set Redis key value) indicate creation/modification of data in Redis. This is a write operation that creates or updates key-value pairs.
Documented attack patterns abuse exactly the kind of access redis_set gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Db, and nothing reaches the server without passing your rules. This is the rule we recommend for redis_set:
{
"version": "1",
"default": "deny",
"tools": {
"redis_set": {
"limits": [
{
"counter": "redis_set_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}redis_set stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
设置 Redis 键的值. It is categorised as a Write tool in the Db MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the Db MCP server in PolicyLayer and add a rule for redis_set: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Db. Nothing to install.
redis_set is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the redis_set rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for redis_set. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
redis_set is provided by the Db MCP server (wannanbigpig/db-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Db, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
34 Db tools catalogued and risk-classified — across an index of 43,000+ MCP servers.