telegram-llm-mcp-sql-server
by henryoy
Overview
An MCP server integrating SQL Server with AI agents (Claude Desktop, Telegram Bot) to manage a complete quotation, sales, and invoicing system.
Installation
npm run mcpEnvironment Variables
- DB_SERVER
- DB_DATABASE
- DB_USER
- DB_PASSWORD
- DB_ENCRYPT
- MCP_SERVER_NAME
- MCP_SERVER_VERSION
- PORT
- LLM_PROVIDER
- LLM_FALLBACK_PROVIDER
- LLM_AUTO_FALLBACK
- GEMINI_API_KEY
- GEMINI_MODEL
- DEEPSEEK_API_KEY
- DEEPSEEK_MODEL
- DEEPSEEK_BASE_URL
- OLLAMA_BASE_URL
- OLLAMA_MODEL
- TELEGRAM_BOT_TOKEN
- TELEGRAM_MODE
- TELEGRAM_WEBHOOK_URL
- APP_MODE
Security Notes
CRITICAL SQL Injection Vulnerability: The `ClienteService.buscarClientes` and `ArticuloService.buscarArticulos` methods directly interpolate user-provided `criterio` into SQL `LIKE` clauses without proper parameterization. This allows malicious input to alter or drop database queries. Hardcoded default SQL Server credentials ('LAPTOP-88194PO5\\SQL2019', '12345') exist in `src/config/database.ts` as fallbacks and are directly used in `scripts/setup-database.js`, which could expose database access if the .env file is not configured or secured. Standard practices for securing LLM API keys and Telegram bot tokens are also required.
Similar Servers
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.
warp-sql-server-mcp
An MCP server for SQL Server, enabling AI assistants to securely interact with databases for schema discovery, data retrieval, query execution, performance monitoring, and optimization.
MCP-SERVER
Provides a backend API for managing a product database (SQLite) and performing safe mathematical calculations, designed for integration with client applications like AI-powered chatbots.
MSSQL_MCP_Server-custom-fork-
Enables Large Language Models (LLMs) to interact with and query an MSSQL database using natural language.