td-mcp-server
Verified Safeby treasure-data
Overview
An MCP server for AI assistants to securely query and interact with Treasure Data, including SQL operations, CDP segment management, and workflow monitoring/control.
Installation
npx @treasuredata/mcp-serverEnvironment Variables
- TD_API_KEY
- TD_SITE
- TD_ENABLE_UPDATES
- TD_DATABASE
- TD_LLM_API_BASE
- TD_DEFAULT_PROJECT_NAME
- TD_DEFAULT_AGENT_ID
- TD_MCP_LOG_TO_CONSOLE
Security Notes
The server has a strong security-first design, defaulting to read-only operations for SQL queries (write operations require explicit `TD_ENABLE_UPDATES=true`). It includes a `QueryValidator` to restrict SQL commands and prevent dangerous operations. API keys are masked in logs and error messages. Input validation with `zod` is used for CDP/Workflow tools, and SQL identifier/literal escaping is implemented. Comprehensive audit logging tracks all operations. Workflow control operations (kill, retry) are considered safe as they create new attempts or send cancellation requests, not directly modifying data. The primary remaining risk is the `QueryTool` allowing raw SQL after basic validation, where complex Trino-specific injection vectors might theoretically exist, though no obvious flaws were found.
Similar Servers
tiger-cli
Manages Timescale Cloud database services and provides an integrated Model Context Protocol (MCP) server enabling AI assistants to programmatically interact with and query the infrastructure.
powerdrill-mcp
An MCP server for AI-driven data analysis by providing tools to interact with Powerdrill datasets using natural language questions and managing data sources, jobs, and sessions.
cratedb-mcp
The CrateDB MCP Server enables natural-language Text-to-SQL querying, cluster health monitoring, and documentation retrieval for CrateDB database clusters, acting as a bridge for AI assistants.
DatabaseMcpServer
This server provides a unified, secure database operation interface for AI assistants, supporting a wide range of database types and dynamic switching.