sqlite-mcp
by StacklokLabs
Overview
A Model Context Protocol (MCP) server that enables LLMs to interact with SQLite databases by providing tools and resources for querying and managing data.
Installation
go build -o sqlite-mcp ./cmd/server && ./sqlite-mcp -db ./testdata/example.db
Environment Variables
- MCP_PORT
- MCP_TRANSPORT
Security Notes
CRITICAL: The `handleDescribeTable` function in `internal/tools/query.go` is vulnerable to SQL injection. The `table_name` parameter, taken directly from user input, is unsafely formatted into a `PRAGMA table_info()` query using `fmt.Sprintf` without sanitization or parameterization. This allows an attacker to inject arbitrary SQL commands (e.g., `users'); DROP TABLE products; --`) which can lead to data loss, modification, or information leakage, especially when the server is run in read-write mode. While `execute_query` and `execute_statement` use parameterized queries, this specific vulnerability is severe.
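The pattern described above next to a hardened form, as an added example that is not the project's own code: the function names, the exact format string and the allowlist regex are assumptions. The hardened version relies on SQLite's `pragma_table_info` table-valued function, which takes the table name as a bound parameter.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// identRe is a conservative allowlist for table names (an assumption of this
// example; widen it only if the schema really uses other characters).
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,62}$`)

var errBadIdent = errors.New("invalid table name")

// describeQueryUnsafe reproduces the pattern the note describes: the
// caller-supplied name is formatted straight into the PRAGMA text.
// The format string is assumed, not copied from the project.
func describeQueryUnsafe(tableName string) string {
	return fmt.Sprintf("PRAGMA table_info('%s')", tableName)
}

// describeQueryBound validates the name first, then returns a statement in
// which the name travels as a bound argument and never becomes SQL text.
// Pass the result to db.Query(query, args...).
func describeQueryBound(tableName string) (string, []any, error) {
	if !identRe.MatchString(tableName) {
		return "", nil, errBadIdent
	}
	return "SELECT * FROM pragma_table_info(?)", []any{tableName}, nil
}

func main() {
	// Constructed inputs: an ordinary name and the string quoted in the note.
	for _, in := range []string{"users", "users'); DROP TABLE products; --"} {
		fmt.Printf("input:  %q\n", in)
		fmt.Printf("unsafe: %s\n", describeQueryUnsafe(in))
		q, args, err := describeQueryBound(in)
		fmt.Printf("bound:  %q args=%v err=%v\n\n", q, args, err)
	}
}
```

Opening the database read-only limits the damage if a similar path is missed, but it does not replace binding and validation.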
Similar Servers
memory-mcp-server-go
A Model Context Protocol server providing knowledge graph management capabilities for LLMs to maintain memory across conversations.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.
sqlite-mcp-server
Provides an MCP interface for an SQLite database, offering a wide range of data management, advanced analytics, JSON processing, text/vector search, and geospatial capabilities.
simple-memory-mcp
A Model Context Protocol (MCP) server for persistent memory storage, providing intelligent tagging and full-text search for AI assistants to remember context across conversations.