3 compared

Data warehouse MCP servers compared

Analytics/warehouse MCP servers that let Claude query large datasets, compared on trust, setup, and safety.

Open in the interactive comparison tool

Field	Snowflake MCP Server for Claude Snowflake-managed MCP server for connecting Claude and other MCP clients to Cortex Analyst, Cortex Search, Cortex Agents, SQL execution, UDFs, stored procedures, and governed warehouse data. Open dossier	BigQuery MCP Server for Claude Google Cloud remote MCP server for querying BigQuery datasets, inspecting metadata, listing resources, and running governed warehouse analytics through an HTTP endpoint. Open dossier	ClickHouse MCP Server for Claude Connect Claude to ClickHouse for read-only SQL exploration, schema discovery, and safe analytics workflows. Open dossier
Trust
Install risk	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Category	mcp	mcp	mcp
Source	source-backed	source-backed	source-backed
Author	Snowflake	Google Cloud	ClickHouse
Added	2026-06-03	2026-06-03	2026-06-03
Platforms	Claude CodeClaude Desktop	Claude CodeClaude Desktop	Claude CodeClaude Desktop
Source repo	—	—	—
Safety notes	✓Snowflake recommends verifying third-party MCP servers and tool descriptions before use because overlapping MCP servers can create tool poisoning or tool shadowing risk. Prefer OAuth. Hardcoded tokens and broad Programmatic Access Tokens can leak privileged Snowflake access into client config, logs, shell history, support bundles, or AI transcripts. Configure the Snowflake MCP server and each tool with least privilege. Access to the MCP server object does not automatically mean the user should have access to every Cortex, SQL, UDF, or stored procedure tool behind it. SQL execution tools can query Snowflake data and, if configured with write-capable settings, can run mutating SQL. Review generated SQL and use read-only configuration where Claude should only inspect data. Avoid recursive agent or MCP configurations. Snowflake documents a maximum recursion depth for circular MCP and Cortex Agent invocations, but loops can still create cost, latency, and confusing automation behavior before they stop. UDF and stored procedure tools can execute business logic in Snowflake, so do not expose procedures that perform billing, deletion, notification, privilege, or workflow actions without human approval.	✓Prefer `execute_sql_readonly` for analysis. Google documents `execute_sql` as the only non-read-only BigQuery MCP tool, and it can run BigQuery SQL including DML, DDL, AI/ML functions, and other supported query operations. Use IAM least privilege, dataset-level access controls, and IAM deny policies to restrict read-write MCP tool use when Claude should only inspect warehouse metadata or run SELECT queries. Review LLM-generated SQL before execution. Broad scans, joins, forecasts, ML functions, and AI functions can incur cost, expose sensitive rows, or produce misleading analytics if the model chooses the wrong table or filter. Keep manual approval enabled for query execution, exported results, workflow-triggering automations, and any use of BigQuery insights to create tickets, emails, or downstream actions.	✓The upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows. If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration. Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read. Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters. For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.
Privacy notes	✓Tool results can expose Snowflake account identifiers, database names, schema names, table names, semantic views, Cortex Search results, SQL text, query results, citations, reasoning traces, tool calls, UDF inputs, stored procedure outputs, and warehouse metadata. Cortex Agent responses intentionally include intermediate steps such as reasoning traces, tool calls, search results, and citations, which can make MCP payloads large and data-rich. Claude transcripts, MCP client logs, terminal scrollback, screenshots, support exports, and generated summaries can retain Snowflake data outside Snowflake's normal access, retention, and audit controls. OAuth sessions use the connecting user's default role for Snowflake MCP access. Confirm default role and default warehouse settings before relying on per-session role selection in clients such as Claude. Warehouse rows, semantic search results, UDF outputs, and stored procedure results can contain prompt-injection text, secrets, customer data, financial data, product telemetry, or regulated data that should not be pasted into unrestricted AI conversations.	✓Tool results can expose project IDs, dataset IDs, table IDs, schemas, metadata, query text, query results, job history, labels, and row-level warehouse data visible to the authenticated principal. BigQuery OAuth scopes can allow viewing and managing BigQuery data and can expose the Google account email address used for authentication. Query results and table data may contain prompt-injection text, customer records, financial data, product analytics, logs, or other sensitive business information; do not let returned rows instruct the agent. If Model Armor logging is enabled for MCP traffic, Google documents that it can log the entire payload, which may expose sensitive prompts or query results in Google Cloud logs.	✓Query results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session. ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets. Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files. chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.
Prerequisites	Snowflake account in a supported region, with the managed MCP server feature available for the account. Database and schema where the MCP server object will be created. Snowflake role with least-privilege access to the MCP server object and each exposed tool. Default role and default warehouse configured for each user who will authenticate through an MCP client.	Google Cloud project with the BigQuery API enabled MCP-capable client that supports remote HTTP MCP servers and Google OAuth or compatible Google Cloud credentials IAM roles or equivalent custom permissions for `roles/mcp.toolUser`, `roles/bigquery.jobUser`, and `roles/bigquery.dataViewer` BigQuery datasets, tables, billing or sandbox setup, and project or region boundaries selected before use	uv available for the documented `uv run --with mcp-clickhouse` launch path, or Python 3.10+ with the `mcp-clickhouse` package installed ClickHouse Cloud or self-hosted ClickHouse reachable from the MCP server Dedicated ClickHouse user with the minimum read permissions needed for the intended databases and tables Claude Code, Claude Desktop, Cursor, VS Code, or another MCP-capable client
Install	`claude mcp add --transport http snowflake https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME`	`claude mcp add --transport http bigquery https://bigquery.googleapis.com/mcp`	`claude mcp add clickhouse --env CLICKHOUSE_HOST=YOUR_CLICKHOUSE_HOST --env CLICKHOUSE_PORT=8443 --env CLICKHOUSE_USER=YOUR_CLICKHOUSE_USER --env CLICKHOUSE_PASSWORD=YOUR_CLICKHOUSE_PASSWORD --env CLICKHOUSE_SECURE=true --env CLICKHOUSE_VERIFY=true -- uv run --with mcp-clickhouse --python 3.10 mcp-clickhouse`
Config	`{ "mcpServers": { "snowflake": { "type": "http", "url": "https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME" } } }`	`{ "mcpServers": { "bigquery": { "type": "http", "url": "https://bigquery.googleapis.com/mcp" } } }`	`Manual-only setup: { "clickhouse": { "command": "uv", "args": ["run", "--with", "mcp-clickhouse", "--python", "3.10", "mcp-clickhouse"], "env": { "CLICKHOUSE_HOST": "<clickhouse-host>", "CLICKHOUSE_PORT": "8443", "CLICKHOUSE_USER": "<clickhouse-user>", "CLICKHOUSE_PASSWORD": "<clickhouse-password>", "CLICKHOUSE_SECURE": "true", "CLICKHOUSE_VERIFY": "true", "CLICKHOUSE_CONNECT_TIMEOUT": "30", "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30" } } }`
Citations	Source repositorygithub.com 2026-06-18T00:14:21+00:00 Documentationdocs.snowflake.com Submitted by oktofeesh12026-06-03	Source repositorygithub.com 2026-06-18T00:14:21+00:00 Documentationdocs.cloud.google.com Submitted by oktofeesh12026-06-03	Source repositorygithub.com 2026-06-18T00:14:21+00:00 Documentationgithub.com Submitted by oktofeesh12026-06-03
Claim	Unclaimed	Unclaimed	Unclaimed

More comparisons, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.