koggi-mcp-server-database
by Koggitechorg
Overview
An MCP server acting as a proxy for an external RAG engine to understand database schemas and an external API for executing SQL queries based on natural language input.
Installation
npx -y @koggitechorg/koggi-mcp-server
Environment Variables
- EXTERNAL_URL
- API_TOKEN
- PORT
Security Notes
- CRITICAL: The `get_request_database_sql` tool takes user-provided `sql_query` and directly forwards it to an external API endpoint (`/api/mcp/run-query-from-rag`). This design makes the server a proxy for a severe SQL injection vulnerability if the downstream API does not rigorously sanitize and validate the incoming SQL.
- CRITICAL: `src/config/config.ts` includes a hardcoded default `API_TOKEN`. If the `API_TOKEN` environment variable is not explicitly set, this hardcoded secret is used for authentication against an external validation service and subsequent API calls, creating a severe authentication bypass risk.
- HIGH: The `EXTERNAL_URL` environment variable (configurable by the user) dictates the base URL for all external API calls. If an attacker can manipulate this variable, it could lead to Server-Side Request Forgery (SSRF) by directing the server to make requests to internal or unintended external resources.
Similar Servers
context-portal
Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
mysql_mcp_server
This server provides a Model Context Protocol (MCP) interface to a MySQL database, enabling AI models to execute SQL queries and retrieve database schema information.
mssql-mcp-server
Provides an enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling schema discovery, data operations, profiling, and administration with strong governance controls.