Assignment_mcp_server
Verified Safeby vinaykumar231
Overview
Provides a secure, authenticated interface for an MCP client (e.g., Claude) to interact with Google BigQuery, allowing execution of SQL queries and retrieval of table metadata.
Installation
python -m src.serverEnvironment Variables
- SECRET_KEY
- TOKEN_TTL_HOURS
- MAX_QUERY_RESULTS
- ENABLE_QUERY_LOGGING
- LOG_LEVEL
- GOOGLE_APPLICATION_CREDENTIALS
- GCP_PROJECT
Security Notes
The authentication mechanism uses robust methods (PBKDF2 for secret hashing, JWT tokens for sessions) and access control is implemented at the dataset level. However, the `bq.run_query` tool directly executes arbitrary SQL queries provided by the client. While this is the intended function, it poses a significant SQL injection risk if the calling MCP client is compromised or if the `query` argument is not properly validated/sanitized by the client before being sent to the server. The server itself does not appear to perform SQL sanitization, relying on the client's integrity. No `eval` or `exec` found. Hardcoded secrets are explicitly warned against and the `register_client.py` script helps generate strong credentials.
Similar Servers
jetski
Jetski is an Open Source MCP Analytics and Authentication Platform designed to simplify installation, authentication, and provide logs/analytics for Model Context Protocol (MCP) servers.
google-tag-manager-mcp-server
This server acts as a middleware proxy for Model Context Protocol (MCP) clients to interact with the Google Tag Manager API, enabling AI agents to manage GTM accounts, containers, workspaces, and various resources like tags, triggers, and variables securely via Google OAuth.
ap-training-bigquery-mcp
Provides a semantic layer for BigQuery's Austin Bikeshare public dataset, simplifying data querying and analysis through a defined interface for tools like Claude Desktop.
GeminiMCP
MCP server integrating with Google's Gemini API for code analysis, general queries, and search with grounding capabilities.