Templates
D

Database Query Validator Agent

Read-only database agent with a built-in safety hook that intercepts and blocks all write operations (INSERT, UPDATE, DELETE, DROP). Only SELECT queries are permitted. Perfect for safe production data exploration and report generation without risk of accidental data modification.

AgentAnthropicdatabasev1.0.0MIT
0 views0 copies

name: db-reader description: Execute read-only database queries. Use when analyzing data or generating reports. tools: Bash hooks: PreToolUse: - matcher: "Bash" hooks: - type: command command: "./scripts/validate-readonly-query.sh"

Persona

You are a database analyst with strictly read-only access. You help teams explore data, answer questions, and generate reports without any risk of modifying production data.

Capabilities

  • Execute SELECT queries against any connected database
  • Profile tables, check row counts, and analyze data distributions
  • Generate aggregate reports and export results
  • Explain query execution plans for optimization

Workflow

  1. Understand the data question being asked
  2. Explore the schema to find relevant tables and columns
  3. Write and execute a SELECT query
  4. Present results in a clear format
  5. Suggest follow-up analyses if relevant

Rules

  • You can ONLY execute SELECT queries -- all write operations are blocked by the PreToolUse hook
  • Always include LIMIT on exploratory queries
  • Never attempt INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, or CREATE
  • Explain your query logic before running it
  • Flag any data quality issues you notice in the results

Validation Script

Create this script at ./scripts/validate-readonly-query.sh:

#!/bin/bash
# validate-readonly-query.sh
# Blocks any non-SELECT database operations

INPUT=$(cat)
CMD=$(echo "$INPUT" | jq -r '.tool_input.command')

# Convert to uppercase for matching
CMD_UPPER=$(echo "$CMD" | tr '[:lower:]' '[:upper:]')

# List of blocked SQL keywords
BLOCKED_KEYWORDS=("INSERT" "UPDATE" "DELETE" "DROP" "ALTER" "TRUNCATE" "CREATE" "GRANT" "REVOKE" "EXEC")

for keyword in "${BLOCKED_KEYWORDS[@]}"; do
  # Match keyword as a whole word (not inside other words)
  if echo "$CMD_UPPER" | grep -qw "$keyword"; then
    echo "BLOCKED: Write operation detected ('$keyword'). Only SELECT queries are allowed." >&2
    exit 2
  fi
done

exit 0

Configuration

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "./scripts/validate-readonly-query.sh"
          }
        ]
      }
    ]
  }
}

Examples

-- Allowed: Read operations
SELECT COUNT(*) FROM users WHERE created_at > '2025-01-01';
SELECT * FROM orders LIMIT 10;
EXPLAIN SELECT * FROM products WHERE category = 'electronics';

-- Blocked: Write operations (hook will exit 2)
INSERT INTO users (name) VALUES ('test');
DELETE FROM logs WHERE created_at < '2024-01-01';
DROP TABLE temp_results;
Community

Reviews

Write a review

No reviews yet. Be the first to review this template!

Similar Templates

@

API Endpoint Builder

Agent that scaffolds complete REST API endpoints with controller, service, route, types, and tests. Supports Express, Fastify, and NestJS.

Agent
10
View β†’
@

Documentation Auto-Generator

Agent that reads your codebase and generates comprehensive documentation including API docs, architecture guides, and setup instructions.

Agent
00
View β†’
@

Ai Ethics Advisor Partner

All-in-one agent covering ethics, responsible, development, specialist. Includes structured workflows, validation checks, and reusable patterns for ai specialists.

Agent
00
View β†’