Skip to main content
Database MCP · mcp · 16 picks

MCP servers for databases and data workflows

Database, SQL, analytics, and data workflow MCP servers that help Claude inspect, query, transform, or document structured data.

Curated by @heyclaude-editors Updated 2026-07-18

Database, SQL, analytics, and data workflow MCP servers that help Claude inspect, query, transform, or document structured data.

Short answer

Choose a database MCP server by the database you run and how much write access you want to grant. Prefer source-backed servers with documented safety and privacy behavior, and confirm whether the server exposes read-only queries or full read/write before connecting it to anything that matters.

How to choose

Your database
Match the server to PostgreSQL, MySQL, MongoDB, Redis, or your managed provider.
Read vs read/write
Check whether the server allows mutations, and scope the credentials you give it to least privilege.
Source & trust
Prefer first-party or source-backed servers with a verifiable repository over unverified ones.
Safety & privacy notes
Confirm the server documents what data it reads and what it sends before granting database access.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).

Field

Token-efficient database MCP server for PostgreSQL, MySQL, MariaDB, SQL Server, and SQLite.

Open dossier

SQLAlchemy-backed MCP server for exploring relational databases, inspecting schemas and relationships, and executing SQL queries from Claude.

Open dossier

Official MCP server providing read-only access to PostgreSQL databases with schema inspection and query capabilities

Open dossier

Connect Claude to Teradata — list databases and tables, inspect DDL, run SQL queries, preview data, analyze column quality, and explore DBA diagnostics — with the official Teradata MCP server supporting optional ML tool expansion via the teradataml Python package.

Open dossier

Connect Claude to ClickHouse for read-only SQL exploration, schema discovery, and safe analytics workflows.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage not verifiedPackage not verifiedPackage verifiedPackage not verifiedPackage not verified
Source provenanceDiffersSource-backedSource-backedNo submission linkSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstLow riskReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandDBHub logoDBHubAnthropic logoAnthropic
Categorymcpmcpmcpmcpmcp
SourceSource-backedSource-backedFirst-partySource-backedSource-backed
AuthorBytebaseRune KaagaardAnthropicTeradataClickHouse
Added2026-06-052026-06-062025-09-162026-06-182026-06-03
Platforms
Harness
Source repo
Safety notesDBHub can execute SQL queries against configured databases. SQL execution can read, create, update, delete, or otherwise modify data depending on database permissions and requested queries. Configure read-only mode, row limits, query timeouts, least-privilege credentials, and human review before using DBHub with production or sensitive databases. Custom tools can wrap reusable parameterized SQL, so review their definitions before allowing agents to call them.MCP Alchemy exposes database table discovery, schema inspection, relationship mapping, and SQL execution. The execute_query tool can run arbitrary SQL text against the configured SQLAlchemy database. The source creates SQLAlchemy connections with AUTOCOMMIT, so successful write, DDL, or administrative statements can commit immediately. The server does not enforce read-only SQL; use database permissions, read-only users, and human review to constrain writes. Query results are truncated by EXECUTE_QUERY_MAX_CHARS unless Claude Local Files output is configured. When CLAUDE_LOCAL_FILES_PATH is set, full result sets can be written to local files for artifact access.Use a read-only database user with restricted schemas unless write access is explicitly needed and reviewed.The `base_query` tool executes arbitrary SQL on your Teradata system — only connect with credentials scoped to the minimum required permissions. Row limits (`DEFAULT_ROW_LIMIT`, `MAX_ROW_LIMIT`) prevent accidental full-table scans returning millions of rows; leave defaults in place unless you need larger result sets.The upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows. If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration. Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read. Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters. For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.
Privacy notesDatabase connection strings, hostnames, schemas, table names, column names, row data, query text, query results, traces, and errors may be visible to the MCP client and model provider. Databases can contain personal data, customer records, credentials, business metrics, audit logs, payment data, healthcare data, and proprietary operational state. Avoid exposing production databases or regulated data unless the database, MCP client, and model session are approved for that access.DB_URL can contain database hostnames, usernames, passwords, database names, driver names, and connection options. Schemas, table names, column names, foreign keys, SQL text, query results, errors, row counts, and generated local result files may be visible to the MCP client and model provider. SQLAlchemy-compatible databases can contain customer records, credentials, analytics, payment data, healthcare data, source-code metadata, or other regulated information. DB_URL, DB_ENGINE_OPTIONS, CLAUDE_LOCAL_FILES_PATH, result files, and database credentials should stay out of prompts, issues, logs, screenshots, and committed files.Queried schemas, table names, rows, connection details, and application data may be exposed through tool calls.Query results, schema definitions, DDL, and session/system metadata from your Teradata instance are surfaced in Claude's context. Your database credentials are embedded in the `DATABASE_URI` — keep it in the MCP config env and never commit it to version control.Query results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session. ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets. Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files. chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.
Prerequisites
  • Node.js and npx available to the MCP client runtime.
  • A PostgreSQL, MySQL, MariaDB, SQL Server, or SQLite database connection.
  • Database credentials with the minimum privileges needed for the workflow.
  • Read-only permissions or DBHub guardrails configured before connecting production data.
  • Python 3.10 and uvx available to the MCP client runtime.
  • SQLAlchemy-compatible database URL for an approved database.
  • Database driver selected with uvx `--with` when the target database requires one.
  • Least-privilege database user with only the schemas and operations Claude should access.
  • PostgreSQL database (local or remote PostgreSQL server)
  • PostgreSQL connection string (PostgreSQL connection URI with user, password, host, port, and database format)
  • Node.js and npx (for running @modelcontextprotocol/server-postgres package)
  • Network access (if connecting to remote PostgreSQL server)
  • A Teradata database instance accessible from your network.
  • A Teradata username and password with appropriate query permissions.
  • Python with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • uv available for the documented `uv run --with mcp-clickhouse` launch path, or Python 3.10+ with the `mcp-clickhouse` package installed
  • ClickHouse Cloud or self-hosted ClickHouse reachable from the MCP server
  • Dedicated ClickHouse user with the minimum read permissions needed for the intended databases and tables
  • Claude Code, Claude Desktop, Cursor, VS Code, or another MCP-capable client
Install
npx @bytebase/dbhub@latest --transport stdio --dsn YOUR_DATABASE_DSN
uvx --from mcp-alchemy mcp-alchemy
claude mcp list && claude mcp status postgres
claude mcp add teradata -e DATABASE_URI="teradata://username:password@host:1025/databasename" -- uvx teradata-mcp-server
claude mcp add clickhouse --env CLICKHOUSE_HOST=YOUR_CLICKHOUSE_HOST --env CLICKHOUSE_PORT=8443 --env CLICKHOUSE_USER=YOUR_CLICKHOUSE_USER --env CLICKHOUSE_PASSWORD=YOUR_CLICKHOUSE_PASSWORD --env CLICKHOUSE_SECURE=true --env CLICKHOUSE_VERIFY=true -- uv run --with mcp-clickhouse --python 3.10 mcp-clickhouse
Config
{
  "mcpServers": {
    "dbhub": {
      "command": "npx",
      "args": [
        "@bytebase/dbhub@latest",
        "--transport",
        "stdio",
        "--dsn",
        "YOUR_DATABASE_DSN"
      ]
    }
  }
}
{
  "mcpServers": {
    "mcp-alchemy": {
      "command": "uvx",
      "args": ["--from", "mcp-alchemy", "mcp-alchemy"],
      "env": {
        "DB_URL": "<sqlalchemy-database-url>",
        "EXECUTE_QUERY_MAX_CHARS": "4000"
      }
    }
  }
}
Manual-only setup:
{
  "postgres": {
    "args": [
      "-y",
      "@modelcontextprotocol/server-postgres",
      "postgresql://localhost/mydb"
    ],
    "command": "npx"
  }
}
{
  "mcpServers": {
    "teradata": {
      "command": "uvx",
      "args": ["teradata-mcp-server"],
      "env": {
        "DATABASE_URI": "teradata://username:password@host:1025/databasename",
        "DEFAULT_ROW_LIMIT": "1000",
        "MAX_ROW_LIMIT": "50000"
      }
    }
  }
}
Manual-only setup:
{
  "clickhouse": {
    "command": "uv",
    "args": ["run", "--with", "mcp-clickhouse", "--python", "3.10", "mcp-clickhouse"],
    "env": {
      "CLICKHOUSE_HOST": "<clickhouse-host>",
      "CLICKHOUSE_PORT": "8443",
      "CLICKHOUSE_USER": "<clickhouse-user>",
      "CLICKHOUSE_PASSWORD": "<clickhouse-password>",
      "CLICKHOUSE_SECURE": "true",
      "CLICKHOUSE_VERIFY": "true",
      "CLICKHOUSE_CONNECT_TIMEOUT": "30",
      "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    DBHub MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    Why it made the cut

    MCP Alchemy is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    Postgresql MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    Teradata MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    ClickHouse MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    Why it made the cut

    DuckDB MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    Why it made the cut

    MCP SQLite Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    Why it made the cut

    MySQL MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    Why it made the cut

    Postgres MCP Pro is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  10. 10
    Why it made the cut

    StarRocks MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    Turso MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  12. 12
    Why it made the cut

    Redis MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
    Why it made the cut

    CockroachDB Cloud MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  14. 14
    Why it made the cut

    MotherDuck MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  15. 15
    Why it made the cut

    Neon MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  16. 16
    Why it made the cut

    Airtable MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.