database-operations-mcp

The server involves extensive direct file system access to sensitive user data (browser profiles, Plex DBs) and direct database operations. This poses risks of path traversal or data corruption if input paths and queries are not rigorously sanitized by the caller. The `ENABLE_PASSWORD_STORAGE` environment variable, when enabled, allows storing database credentials on disk, which is explicitly labeled a 'DEV MODE' feature and is a significant security risk if used in production or without proper local encryption. Operations like 'bruteforce' database access for Firefox (explicitly labeled 'dangerous!') further highlight potential stability or integrity risks. While parameterized queries are recommended in some tool docstrings, the responsibility lies with the caller to prevent SQL injection. External API calls for AI features require secure management of API keys and careful consideration of data privacy.