sqltools_mcp
Verified Safeby Tony-Enninful
Overview
Provides AI assistants with unified, multi-database access capabilities through the Model Context Protocol (MCP).
Installation
python -m sqltools_mcp.serverEnvironment Variables
- DB_TYPE
- DB_HOST
- DB_PORT
- DB_USER
- DB_PASSWORD
- DB_NAME
Security Notes
The server's core function is to execute arbitrary SQL queries provided by the AI client (or user) via the `execute_sql` tool. While the `SECURITY.md` outlines measures like identifier quoting for metadata queries and flagging destructive operations for AI models, direct execution of unsanitized SQL in `execute_sql` inherently carries a SQL injection risk if the AI model or user inputs malicious queries. The DM8 adapter uses string formatting with manual escaping for metadata queries, which is less robust than parameterized queries, but the escaping logic appears to handle basic identifier injection. No clear 'eval' or command injection vulnerabilities were found, and connection credentials are handled via environment variables.
Similar Servers
db-mcp-server
Provides AI assistants with structured access to multiple database systems (MySQL, PostgreSQL, SQLite, TimescaleDB) through the Model Context Protocol (MCP).
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.
mcp-server-generator
Generate Model Context Protocol (MCP) servers from database datasources for integration with AI agents, using a visual canvas interface for tool creation and management.