sqlite-mcp-server
by NANDINIGC22
Overview
Provides a dynamic SQLite database server as an MCP tool, allowing creation, table management, data insertion, and natural language querying of databases.
Installation
python server.pySecurity Notes
CRITICAL security risks identified: 1. Arbitrary File System Access: The `mcp.json` explicitly grants full file system access to `C:/`, which is extremely dangerous and allows the server to read, write, or delete any file on the drive. 2. SQL Injection (create_table): The `columns` parameter in `create_table` is directly concatenated into the SQL query without proper sanitization, allowing malicious SQL injection via crafted column names or types. 3. SQL Injection (insert_records): The keys of `records` (used as column names) in `insert_records` are directly concatenated into the SQL query, making it vulnerable to injection if an attacker controls the record keys. 4. SQL Injection (prompt_query): The `table_name` parameter in `nl_to_sql` (called by `prompt_query`) is directly inserted into the `SELECT` query, creating a severe SQL injection vulnerability where an attacker can execute arbitrary SQL commands by manipulating the table name. 5. Hardcoded Path: `BASE_DIR` is hardcoded to a Windows path (`C:\AIProjects\MCPPROJECTS`), which is poor practice and reduces portability.
Similar Servers
sqlite-mcp
A Model Context Protocol (MCP) server that enables LLMs to interact with SQLite databases by providing tools and resources for querying and managing data.
mcp-sqlite-tools
A Model Context Protocol (MCP) server for LLMs to safely and efficiently interact with local SQLite databases, providing comprehensive operations from schema management to query execution and transactions.
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
sqlite-mcp
Integrates Model Context Protocol (MCP) servers, enabling SQLite databases to call their AI tools directly from SQL queries.