Assignment_mcp_server
Verified Safeby vinaykumar231
Overview
Provides a secure, authenticated interface for an MCP client (e.g., Claude) to interact with Google BigQuery, allowing execution of SQL queries and retrieval of table metadata.
Installation
python -m src.serverEnvironment Variables
- SECRET_KEY
- TOKEN_TTL_HOURS
- MAX_QUERY_RESULTS
- ENABLE_QUERY_LOGGING
- LOG_LEVEL
- GOOGLE_APPLICATION_CREDENTIALS
- GCP_PROJECT
Security Notes
The authentication mechanism uses robust methods (PBKDF2 for secret hashing, JWT tokens for sessions) and access control is implemented at the dataset level. However, the `bq.run_query` tool directly executes arbitrary SQL queries provided by the client. While this is the intended function, it poses a significant SQL injection risk if the calling MCP client is compromised or if the `query` argument is not properly validated/sanitized by the client before being sent to the server. The server itself does not appear to perform SQL sanitization, relying on the client's integrity. No `eval` or `exec` found. Hardcoded secrets are explicitly warned against and the `register_client.py` script helps generate strong credentials.
Similar Servers
jetski
Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.
GeminiMCP
Integrate Google's Gemini API for AI-powered tasks and search with Model Control Protocol (MCP) clients, focusing on developer-centric features like code analysis and context handling.
ap-training-bigquery-mcp
Provides a semantic layer for BigQuery's Austin Bikeshare public dataset, simplifying data querying and analysis through a defined interface for tools like Claude Desktop.
Assignment_mcp_server
Provides a secure, authenticated interface for an MCP client (e.g., Claude) to interact with Google BigQuery, allowing execution of SQL queries and retrieval of table metadata.