duckdb_mcp
Verified Safeby teaguesterling
Overview
Integrate SQL databases with AI assistants (e.g., Claude) using the Model Context Protocol (MCP) for data querying, tool execution, and resource management.
Installation
duckdb -init init-server.sqlEnvironment Variables
- DUCKDB_MCP_DEBUG
- DUCKDB_MCP_BACKGROUND
Security Notes
The server-side functionality, if exposed over a network (e.g., TCP, HTTP, WebSocket - though not fully implemented in provided source), defaults to *no authentication*, posing a critical security risk. Custom tools built with `mcp_publish_tool` use naive string substitution for parameters, which is a **SQL injection vulnerability** if the SQL template is not carefully constructed with proper quoting (e.g., `WHERE col = ''$param''` for strings). The `execute` tool, allowing DDL/DML, is safely disabled by default. Client-side `ATTACH` commands are secured by a robust command allowlisting mechanism (`allowed_mcp_commands`) which prevents arbitrary executable paths and unsafe arguments, and becomes immutable after initial configuration, making client usage generally safer.
Similar Servers
apple-health-mcp
Query and analyze personal Apple Health data using SQL for health insights and automated reports.
ddg_search
A Model Context Protocol server for web search using DuckDuckGo and AI-powered answers from IAsk AI, Monica, and Brave AI, designed for integration with AI assistants.
mcp-mysql-server
Provides an MCP-compliant interface for AI models to securely interact with a MySQL database for CRUD operations, schema inspection, and performance analysis.
mysql_mcp_server
This server provides a Model Context Protocol (MCP) interface to a MySQL database, enabling AI models to execute SQL queries and retrieve database schema information.