pg_mcp
by scionoftech
Overview
Enables natural language querying of PostgreSQL databases using AI.
Installation
docker-compose up -d
Environment Variables
- POSTGRES_HOST
- POSTGRES_PORT
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
- ANTHROPIC_API_KEY
Security Notes
The server has critical security vulnerabilities. The `execute_sql` tool directly executes user-provided SQL queries without sanitization, allowing for SQL injection and arbitrary database operations. The `describe_table` tool uses f-strings to embed the `table_name` parameter directly into SQL queries (e.g., `SELECT * FROM {table_name} LIMIT 3;`), making it vulnerable to SQL injection. Additionally, while the `query` tool uses AI to generate SQL, the generated SQL is executed directly, posing a risk if the AI can be prompted to generate malicious queries. The project also uses default PostgreSQL credentials in the example setup, which should never be used in production.
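The `describe_table` pattern from the note above, next to a hardened form, as an added example (not pg_mcp's own code). The function names and the `KNOWN_TABLES` allowlist are hypothetical; a real server would load the allowlist from `information_schema.tables`.

```python
import re

# Constructed allowlist of (schema, table) pairs the tool may describe.
# Assumption: a real server would populate this from information_schema.tables.
KNOWN_TABLES = {("public", "customers"), ("public", "orders")}

# Conservative shape for an unquoted PostgreSQL identifier.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")


def describe_query_vulnerable(table_name: str) -> str:
    """The pattern the security note describes: the parameter is
    interpolated into the statement text with an f-string."""
    return f"SELECT * FROM {table_name} LIMIT 3;"


def quote_ident(name: str) -> str:
    """Quote an identifier the PostgreSQL way: wrap it in double quotes
    and double any embedded double quote."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def describe_query_hardened(table_name: str, known=KNOWN_TABLES) -> str:
    """Accept only 'table' or 'schema.table', validate each part,
    require an allowlist hit, then emit quoted identifiers."""
    schema, _, table = table_name.rpartition(".")
    schema = schema or "public"
    for part in (schema, table):
        if not _IDENT.fullmatch(part):
            raise ValueError(f"invalid identifier: {part!r}")
    if (schema, table) not in known:
        raise ValueError(f"unknown table: {schema}.{table}")
    return f"SELECT * FROM {quote_ident(schema)}.{quote_ident(table)} LIMIT 3;"


if __name__ == "__main__":
    hostile = "customers; DELETE FROM orders"  # constructed input
    print(describe_query_vulnerable(hostile))   # second statement survives
    print(describe_query_hardened("customers"))
    try:
        describe_query_hardened(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

Identifiers cannot be bound as query parameters, which is why the table name needs validation plus quoting; with psycopg the quoting step is available as `sql.Identifier`.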
Similar Servers
mcp-server-neon
Enables natural language interaction with Neon Postgres databases, facilitating database management, migrations, and query optimization via an LLM agent.
MCP-PostgreSQL-Ops
This MCP server provides comprehensive PostgreSQL database operations, monitoring, and management through natural language queries.
teslamate-mcp
Connects a TeslaMate PostgreSQL database to AI assistants, enabling natural language queries about Tesla vehicle data and analytics.
tiger-docs-mcp-server
An MCP server and Claude plugin providing AI assistants with advanced PostgreSQL knowledge through semantic documentation search and curated best practice skills.