sqlite3-mcp-server
Verified Safe
by rncz
Overview
Allows a Large Language Model (LLM) to perform CRUD operations, run raw SQL, and introspect SQLite databases stored locally.
Installation
uvx sqlite3-mcp
Security Notes
The `execute_sql` tool lets the LLM run arbitrary SQL, which is a significant risk if the model generates malicious or destructive statements (e.g., `DROP TABLE`). The CRUD tools use parameterized queries for data values, but the `sql` string itself comes directly from the LLM, so careful LLM prompting is required. The `describe_table` function builds its `PRAGMA` statement with an f-string for the table name, which could be a minor SQL injection risk if the name is not strictly validated. Additionally, the `get_db_path` function might be susceptible to path traversal if `db_name` is manipulated to include `../` sequences, potentially allowing access to files outside the intended `databases` directory.
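One way to close the `describe_table` and `get_db_path` gaps described above, shown as an added example that is not the project's own code. The helper names `safe_db_path` and `safe_describe_table`, the `.db` suffix and the name allow-list are assumptions; the inputs in `demo()` are constructed.

```python
import re
import sqlite3
import tempfile
from pathlib import Path

# Assumption: database names are short alphanumeric labels stored as <name>.db
DB_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def safe_db_path(base_dir: Path, db_name: str) -> Path:
    """Map db_name to a file inside base_dir; refuse anything that could escape it."""
    if not DB_NAME_RE.fullmatch(db_name):
        raise ValueError(f"invalid database name: {db_name!r}")
    base = base_dir.resolve()
    candidate = (base / f"{db_name}.db").resolve()
    # Second check after the allow-list: a symlink inside base_dir could still point out.
    if base not in candidate.parents:
        raise ValueError("database path escapes the databases directory")
    return candidate

def safe_describe_table(conn: sqlite3.Connection, table: str) -> list:
    """Describe a table with the name passed as a bound parameter, not an f-string."""
    known = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    if known is None:
        raise ValueError(f"unknown table: {table!r}")
    # pragma_table_info() is the table-valued form of PRAGMA table_info (SQLite 3.16+).
    rows = conn.execute("SELECT * FROM pragma_table_info(?)", (table,)).fetchall()
    return [{"name": r[1], "type": r[2], "notnull": bool(r[3]), "pk": bool(r[5])} for r in rows]

def demo():
    """Constructed inputs: one valid database plus hostile names for both helpers."""
    rejected = []
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "databases"
        base.mkdir()
        conn = sqlite3.connect(safe_db_path(base, "inventory"))
        conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
        columns = safe_describe_table(conn, "items")
        for bad in ("../../etc/passwd", "..", "nested/name"):
            try:
                safe_db_path(base, bad)
            except ValueError:
                rejected.append(bad)
        try:
            safe_describe_table(conn, "items); DROP TABLE items; --")
        except ValueError:
            rejected.append("table")
        conn.close()
    return columns, rejected
```

Neither helper constrains `execute_sql`, whose statement text still comes from the model.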
Similar Servers
sqlite-mcp
A Model Context Protocol (MCP) server that enables LLMs to interact with SQLite databases by providing tools and resources for querying and managing data.
Simple-Memory-Extension-MCP-Server
A persistent key-value memory store for AI agents, designed to extend context windows and enable semantic search over stored memories.
mcp-sqlite-tools
A Model Context Protocol (MCP) server for LLMs to safely and efficiently interact with local SQLite databases, providing comprehensive operations from schema management to query execution and transactions.
sqlite-mcp
Integrates Model Context Protocol (MCP) servers, enabling SQLite databases to call their AI tools directly from SQL queries.