SchemaCrawler-AI

Verified Safe

by schemacrawler

Overview

Provides an AI-powered interface for natural language database schema exploration, analysis, visualization, and SQL assistance.

Installation

Run Command
docker run -p 8080:8080 -e SCHCRWLR_MCP_SERVER_TRANSPORT=http -e SCHCRWLR_SERVER=hsqldb -e SCHCRWLR_DATABASE=mem:testdb -e SCHCRWLR_DATABASE_USER=SA -e SCHCRWLR_DATABASE_PASSWORD= -e SERVER_PORT=8080 schemacrawler/schemacrawler-ai:v17.4.0-1

Environment Variables

  • SCHCRWLR_MCP_SERVER_TRANSPORT
  • SCHCRWLR_EXCLUDE_TOOLS
  • SCHCRWLR_ADDITIONAL_CONFIG
  • SCHCRWLR_INFO_LEVEL
  • SCHCRWLR_LOG_LEVEL
  • SCHCRWLR_OFFLINE_DATABASE
  • SCHCRWLR_DATABASE_USER
  • SCHCRWLR_DATABASE_PASSWORD
  • SCHCRWLR_JDBC_URL
  • SCHCRWLR_SERVER
  • SCHCRWLR_HOST
  • SCHCRWLR_PORT
  • SCHCRWLR_DATABASE
  • SERVER_PORT

Security Notes

The HTTP transport profile in `application.yaml` explicitly allows all origins (`allowed-origin: '*'`). This permissive Cross-Origin Resource Sharing (CORS) setting is a vulnerability for public APIs, though it may be intended for flexible AI agent integration. User-provided regular expressions for filtering database objects are used directly in `InclusionRule`s, which poses a potential Regular Expression Denial of Service (ReDoS) risk if they are not adequately validated or sandboxed by the underlying SchemaCrawler library. Stack traces are logged to the client on exceptions (`logExceptionToClient`), which can lead to information disclosure. No hardcoded secrets or obvious command injection vulnerabilities were found. Database credentials are handled via environment variables.

Stats

  • Interest Score: 36
  • Security Score: 6
  • Cost Class: Medium
  • Avg Tokens: 7500
  • Stars: 9
  • Forks: 1
  • Last Update: 2026-01-19

Tags

  • Database AI
  • SchemaCrawler
  • MCP Server
  • SQL Assistant
  • Metadata Analysis