MCP-SQL-Server
by joaoGabriel55
Overview
This project provides a full-stack application for natural language interaction with an SQLite database, allowing users to query and understand database content through a chat interface powered by an Ollama-based language model.
Installation
cd server && npm run startSecurity Notes
CRITICAL RISK: The server directly executes SQL queries generated by the Ollama language model (LLM) based on user input, without robust sanitization or validation of the generated SQL. This makes the system highly vulnerable to SQL injection attacks, where a malicious user could craft prompts to generate destructive queries (e.g., `DROP TABLE`) or exfiltrate sensitive data. There is no user authentication or authorization layer, meaning any client can interact with the database via the LLM. The Ollama host is hardcoded to `http://localhost:11434`, which is not a secret but a deployment configuration that could be exploited if an attacker could reroute network traffic.
Similar Servers
Little_MCP
A local AI assistant that leverages open-source LLMs with RAG for document Q&A and provides real-time information via multi-tool capabilities (weather, datetime, calculation, SQL).
mssql-mcp
Enables AI assistants to interact with both local SQL Server and Azure SQL Database through natural language queries and commands.
sqlite-mcp
Enables Large Language Models to query a local SQLite database for information via the Model Context Protocol (MCP).
sqlite-mcp-server
Enables LLMs to interact with SQLite databases through read-only tools for schema inspection and SQL query execution.