mcp-server-metabase
by ForestAdmin
Overview
Connects AI agents to Metabase BI platform, providing comprehensive access to databases, saved questions, dashboards, collections, and query execution.
Installation
cd src && uvicorn forestadmin_metabase_mcp.server_sse:app --host 0.0.0.0 --port 8000Environment Variables
- METABASE_URL
- METABASE_API_KEY
- METABASE_USERNAME
- METABASE_PASSWORD
- MCP_AUTH_TOKEN
- PORT
Security Notes
CRITICAL SQL INJECTION VULNERABILITIES (CVE-2025-XXXXX) have been identified and are present in the provided source code. The `execute_sql_query` tool allows `WITH` (Common Table Expression) queries which can contain arbitrary SQL statements (UPDATE, INSERT, DELETE, DROP), bypassing read-only validation. The `create_question` tool lacks any input validation for its `query` argument, allowing malicious SQL to be saved as persistent questions. These vulnerabilities enable data modification, destruction, and privilege escalation, as detailed in `CRITICAL_SECURITY_ADVISORY.md`. Despite previous security patches, these critical issues are unaddressed in the provided code.
Similar Servers
powerbi-modeling-mcp
Connects AI agents to Power BI semantic models to enable natural language interaction for building, modifying, and managing data models.
PowerBI-Desktop-MCP
Enables AI assistants to programmatically interact with Power BI Desktop models for data exploration, analysis, and modification.
awesome-oceanbase-mcp
The `awesome-oceanbase-mcp` project provides a collection of Model Context Protocol (MCP) servers designed to enable AI assistants to interact directly with OceanBase databases and its ecosystem components.
powerbi-mcp
Enables AI assistants to interact with Power BI Desktop and Service for querying data, managing models, and performing safe bulk operations through natural language, ensuring enterprise-grade security and preserving report visual integrity during refactoring.