sqltools_mcp
by Tony-Enninful
Overview
SQLTools MCP provides AI assistants with unified support for various relational databases (MySQL, Postgres, SQL Server, Dameng, SQLite) via the Model Context Protocol.
Installation
python -m sqltools_mcp.server
Environment Variables
- DB_TYPE
- DB_HOST
- DB_PORT
- DB_USER
- DB_PASSWORD
- DB_NAME
- DM_HOME
- DM_JDBC_DRIVER
Security Notes
CRITICAL SQL INJECTION VULNERABILITY: The `execute_sql` tool directly passes user-provided SQL queries to `cursor.execute()` in all database adapters without proper parameterization. This allows for arbitrary SQL injection by a malicious actor or an unconstrained AI agent, leading to data exfiltration, modification, or deletion. The README's claim of 'Built-in SQL injection protection' is misleading for the core SQL execution functionality. Additionally, some metadata queries (e.g., in `DM8Adapter`) use basic string formatting with schema/table names, which, while attempting to escape single quotes, can still be brittle against more complex injection patterns.
Similar Servers
db-mcp-server
Provides AI assistants with structured access to multiple database systems (MySQL, PostgreSQL, SQLite, TimescaleDB) through the Model Context Protocol (MCP).
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.