pg_mcp
by scionoftech
Overview
Enables natural language querying of PostgreSQL databases using AI.
Installation
docker-compose up -d
Environment Variables
- POSTGRES_HOST
- POSTGRES_PORT
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
- ANTHROPIC_API_KEY
Security Notes
The server has critical security vulnerabilities. The `execute_sql` tool directly executes user-provided SQL queries without sanitization, allowing for SQL injection and arbitrary database operations. The `describe_table` tool uses f-strings to embed the `table_name` parameter directly into SQL queries (e.g., `SELECT * FROM {table_name} LIMIT 3;`), making it vulnerable to SQL injection. Additionally, while the `query` tool uses AI to generate SQL, the generated SQL is executed directly, posing a risk if the AI can be prompted to generate malicious queries. The project also uses default PostgreSQL credentials in the example setup, which should never be used in production.
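The `describe_table` pattern described above, next to a hardened form, as an added example that is not pg_mcp's own code. The function names are hypothetical, the input is constructed, and `sqlite3` stands in for PostgreSQL so the block runs offline.

```python
import sqlite3  # stand-in for PostgreSQL (assumption) so the example runs offline

def build_describe_sql_vulnerable(table_name):
    # Pattern from the security note: table_name is pasted into the SQL text,
    # so anything after the table name becomes part of the statement.
    return f"SELECT * FROM {table_name} LIMIT 3;"

def quote_ident(name):
    # SQL-standard identifier quoting (PostgreSQL uses the same rule):
    # wrap in double quotes and double any embedded double quote.
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'

def describe_table_hardened(conn, table_name):
    # 1. Look the name up as a bound *value* in the catalog. On PostgreSQL the
    #    equivalent lookup would go against information_schema.tables.
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table_name,),
    ).fetchone()
    if row is None:
        raise ValueError(f"unknown table: {table_name!r}")
    # 2. Interpolate only the catalog's own spelling, and quote it.
    sql = f"SELECT * FROM {quote_ident(row[0])} LIMIT 3;"
    return conn.execute(sql).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, name TEXT);
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
    """)
    hostile = "users; DROP TABLE users; --"  # constructed input
    built = build_describe_sql_vulnerable(hostile)  # built only, never executed
    rows = describe_table_hardened(conn, "users")
    try:
        describe_table_hardened(conn, hostile)
        rejected = False
    except ValueError:
        rejected = True
    return built, rows, rejected

if __name__ == "__main__":
    print(demo())
```

Identifier checks do not help `execute_sql` or the AI-generated `query` path, where the whole statement is untrusted; those depend on what the database role is permitted to do.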
Similar Servers
mcp-server-neon
The Neon MCP Server allows users to interact with and manage their Neon Postgres databases using natural language commands, acting as a bridge between AI agents/LLMs and the Neon API and database operations.
MCP-PostgreSQL-Ops
The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.
teslamate-mcp
Connects a TeslaMate PostgreSQL database to AI assistants, enabling natural language queries about Tesla vehicle data and analytics.
DBchat
Transforms a database into an intelligent conversational partner, enabling natural language queries, instant answers, and data visualizations via MCP clients.