dolt-mcp
by dolthub
Overview
Provides AI assistants with direct access to Dolt databases, enabling database operations, version control, and data management tasks.
Installation
No command providedEnvironment Variables
- DOLT_HOST
- DOLT_USER
- DOLT_DATABASE
- DOLT_PASSWORD
- DOLT_PORT
- MCP_MODE
- MCP_PORT
Security Notes
The server has critical SQL injection vulnerabilities. Several tool implementations construct SQL queries using `fmt.Sprintf` with user-provided arguments (e.g., `working_database`, `working_branch`, `table`, `start_date`, `end_date`) without proper SQL escaping or parameterization. This allows an authenticated attacker to inject arbitrary SQL commands by crafting malicious input for these arguments. For example, in `db_helpers.go`, `DoltUseWorkingDatabaseSQLQueryFormatString` and `DoltCheckoutWorkingBranchSQLQueryFormatString` use unescaped user input for `database` and `branch` names. Similarly, `list_dolt_diff_changes_in_date_range.go` and `list_dolt_diff_changes_by_table_name.go` also inject unescaped user input directly into SQL queries. While `singleQuoteEscape` exists, it is not consistently applied to all user-controlled inputs used in SQL queries. HTTP mode with JWT authentication adds a layer of access control, but does not mitigate these internal injection flaws once an attacker is authenticated.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
supermcp
A multi-tenant SQL database connector for the MCP platform, enabling AI assistants to interact with various SQL databases like PostgreSQL, MySQL, MSSQL, Oracle, Snowflake, and SQLite through a unified interface.
dbt-core-mcp
A Model Context Protocol (MCP) server that empowers AI assistants (like Copilot) to interact with and manage dbt projects. It enables natural language control over dbt operations, providing project metadata, lineage, impact analysis, SQL query execution, and intelligent build/test workflows, all while respecting the user's local dbt environment.
DatabaseMcpServer
Provides a robust and secure database access layer for AI assistants, supporting 19 types of databases with single-instance multi-database dynamic switching and over 50 tools for data and schema management.