Skip to main content
mcpSource-backed

ClickHouse MCP Server for Claude

Connect Claude to ClickHouse for read-only SQL exploration, schema discovery, and safe analytics workflows.

by ClickHouse · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://github.com/ClickHouse/mcp-clickhouse#readme, https://github.com/ClickHouse/mcp-clickhouse
Safety notes
The upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows., If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration., Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read., Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters., For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.
Privacy notes
Query results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session., ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets., Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files., chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.
Author
ClickHouse
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

5 prerequisites to line up before setup.

0/5 ready
Install & runtime3Permissions & scopes1Network & hosting110 minutes

Safety & privacy surface

Safety & privacy surface

5 safety and 4 privacy notes across 6 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

6 areas
  • SafetyExecution & processesThe upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows.
  • SafetyExecution & processesIf write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration.
  • SafetyPermissions & scopesUse a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read.
  • SafetyGeneralReview model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters.
  • SafetyNetwork accessFor HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.
  • PrivacyCredentials & tokensQuery results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session.
  • PrivacyPermissions & scopesClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets.
  • PrivacyCredentials & tokensStore ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files.
  • PrivacyLocal fileschDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.

Safety notes

  • The upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows.
  • If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration.
  • Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read.
  • Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters.
  • For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.

Privacy notes

  • Query results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session.
  • ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets.
  • Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files.
  • chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.

Prerequisites

  • uv available for the documented `uv run --with mcp-clickhouse` launch path, or Python 3.10+ with the `mcp-clickhouse` package installed
  • ClickHouse Cloud or self-hosted ClickHouse reachable from the MCP server
  • Dedicated ClickHouse user with the minimum read permissions needed for the intended databases and tables
  • Claude Code, Claude Desktop, Cursor, VS Code, or another MCP-capable client
  • Optional chDB support only when local embedded ClickHouse queries are part of the workflow

Schema details

Install type
cli
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "clickhouse": {
    "command": "uv",
    "args": ["run", "--with", "mcp-clickhouse", "--python", "3.10", "mcp-clickhouse"],
    "env": {
      "CLICKHOUSE_HOST": "<clickhouse-host>",
      "CLICKHOUSE_PORT": "8443",
      "CLICKHOUSE_USER": "<clickhouse-user>",
      "CLICKHOUSE_PASSWORD": "<clickhouse-password>",
      "CLICKHOUSE_SECURE": "true",
      "CLICKHOUSE_VERIFY": "true",
      "CLICKHOUSE_CONNECT_TIMEOUT": "30",
      "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
    }
  }
}

About this resource

Content

The ClickHouse MCP server connects Claude and other MCP-capable clients to a ClickHouse cluster for SQL exploration, schema discovery, and analytics investigation. It is maintained under the ClickHouse GitHub organization and is published as the mcp-clickhouse Python package.

This entry is focused on the safe query path for production-adjacent data work: use a dedicated read-only ClickHouse user, keep the server's write flag disabled, and let Claude inspect databases, tables, and query results without giving it unnecessary mutation privileges.

The upstream server also supports chDB, ClickHouse's embedded analytical engine, for local file and embedded dataset workflows. Keep chDB disabled unless local file-backed analysis is explicitly part of the MCP setup.

Features

  • Execute ClickHouse SQL through the run_query MCP tool.
  • Read-only query mode is the default unless CLICKHOUSE_ALLOW_WRITE_ACCESS is explicitly enabled.
  • List ClickHouse databases.
  • List tables in a database with pagination, LIKE and NOT LIKE filters, page size controls, and optional detailed column metadata.
  • Use chDB support for embedded ClickHouse-style queries when the optional package extra is installed and enabled.
  • Run over stdio for local MCP clients.
  • Run with HTTP or SSE transports when deployment requires a service endpoint.
  • Require bearer-token, OAuth, OIDC, or equivalent FastMCP authentication for HTTP/SSE transports unless explicitly disabled for local development.
  • Add custom FastMCP middleware for logging, request timing, tenant routing, or other deployment-specific policy checks.

Use Cases

  • Give Claude controlled read access to analytics tables for debugging, dashboard investigation, or exploratory reporting.
  • Ask Claude to list relevant databases and tables before writing a query.
  • Inspect table schemas and column metadata before generating SQL.
  • Run bounded SELECT queries against ClickHouse Cloud or a self-hosted ClickHouse deployment.
  • Compare counts, time buckets, or aggregate metrics during an incident without granting DDL or DML access.
  • Use chDB locally for file-backed analytics when data should stay on the developer machine.

Installation

Claude Code

  1. Install uv and confirm it is available to the process that launches Claude.
  2. Create a dedicated ClickHouse user or role with only the read privileges needed for the target databases and tables.
  3. Add the MCP server with the ClickHouse connection environment:
claude mcp add clickhouse --env CLICKHOUSE_HOST=YOUR_CLICKHOUSE_HOST --env CLICKHOUSE_PORT=8443 --env CLICKHOUSE_USER=YOUR_CLICKHOUSE_USER --env CLICKHOUSE_PASSWORD=YOUR_CLICKHOUSE_PASSWORD --env CLICKHOUSE_SECURE=true --env CLICKHOUSE_VERIFY=true -- uv run --with mcp-clickhouse --python 3.10 mcp-clickhouse
  1. Restart or refresh the MCP client session.
  2. Start with database and table listing before running a bounded query.

Claude Desktop

  1. Open the Claude Desktop MCP configuration file.
  2. Add the clickhouse server configuration shown below.
  3. Replace the placeholder host, user, password, and optional role values with your ClickHouse connection details.
  4. Restart Claude Desktop and test with a narrow database listing or table metadata request.

Configuration

{
  "clickhouse": {
    "command": "uv",
    "args": ["run", "--with", "mcp-clickhouse", "--python", "3.10", "mcp-clickhouse"],
    "env": {
      "CLICKHOUSE_HOST": "<clickhouse-host>",
      "CLICKHOUSE_PORT": "8443",
      "CLICKHOUSE_USER": "<clickhouse-user>",
      "CLICKHOUSE_PASSWORD": "<clickhouse-password>",
      "CLICKHOUSE_SECURE": "true",
      "CLICKHOUSE_VERIFY": "true",
      "CLICKHOUSE_CONNECT_TIMEOUT": "30",
      "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
    }
  }
}

Keep CLICKHOUSE_ALLOW_WRITE_ACCESS unset or false for normal investigation workflows. Only set it to true when the MCP client is intentionally allowed to run write operations, and only set CLICKHOUSE_ALLOW_DROP when destructive operations are explicitly approved.

Examples

Discover available data

Ask Claude to list databases and then list tables in a specific database before writing any query.

List ClickHouse databases, then show tables in the analytics database with page size 25.

Inspect table metadata

Fetch table details before asking for an aggregate query.

Show the columns and create-table definition for analytics.events before writing a query.

Run a bounded aggregate query

Keep production queries narrow by specifying a database, table, time window, and maximum result shape.

Query the last 30 minutes of analytics.events and group error counts by service, returning the top 20 services only.

Check read-only posture

Ask Claude to explain which ClickHouse user it is configured to use and confirm whether write-access environment flags are absent.

Before running queries, summarize the ClickHouse connection settings and confirm write access is not enabled.

Security

  • Treat the MCP database user like any other external database client. Do not use the default, admin, or owner account for agent workflows.
  • Prefer database-enforced least privilege over relying only on MCP-side SQL classification. The server's read-only default is valuable, but database grants decide what data can be read.
  • Keep CLICKHOUSE_ALLOW_WRITE_ACCESS disabled unless the user has explicitly approved write-capable automation for that environment.
  • Keep CLICKHOUSE_ALLOW_DROP disabled unless destructive operations are part of a deliberate, reviewed maintenance workflow.
  • For HTTP/SSE deployments, configure bearer-token or identity-provider authentication and do not expose unauthenticated MCP endpoints to a network.
  • Review queries before execution when they touch large tables, broad time ranges, sensitive schemas, or high-cost aggregations.

Troubleshooting

Claude cannot start the server

Confirm uv is installed and available to the MCP client process. If uv is not the desired runtime, install mcp-clickhouse with Python 3.10+ and update the command to run the installed package directly.

Authentication fails

Verify CLICKHOUSE_HOST, CLICKHOUSE_PORT, CLICKHOUSE_USER, and CLICKHOUSE_PASSWORD. If your user requires a role, add CLICKHOUSE_ROLE to the environment.

TLS connection fails

Keep CLICKHOUSE_SECURE=true and CLICKHOUSE_VERIFY=true for production. If a proxy or load balancer uses a different certificate hostname, configure the server hostname override documented by the upstream project.

Queries return permission errors

Check the ClickHouse grants for the configured user or role. A connection can authenticate successfully while still lacking permission to read a database, table, system table, or metadata view.

Responses are too large

Use table filters, page sizes, aggregate queries, explicit time windows, and top-N limits before asking Claude to inspect large tables or detailed schemas.

Source citations

Add this badge to your README

Show that ClickHouse MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/clickhouse-mcp-server.svg)](https://heyclau.de/entry/mcp/clickhouse-mcp-server)

How it compares

ClickHouse MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field

Connect Claude to ClickHouse for read-only SQL exploration, schema discovery, and safe analytics workflows.

Open dossier

MCP server for querying a local DuckDB database file from Claude through a single SQL query tool, with optional DuckDB-native read-only mode.

Open dossier

Google Cloud remote MCP server for querying BigQuery datasets, inspecting metadata, listing resources, and running governed warehouse analytics through an HTTP endpoint.

Open dossier

Official StarRocks MCP server for SQL execution, database exploration, StarRocks resource templates, system information, table/database overviews, and Plotly chart generation.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
Submitteroktofeesh1oktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandStarRocks logoStarRocks
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorClickHousektanaka101Google CloudStarRocks
Added2026-06-032026-06-062026-06-032026-06-06
Platforms
Harness
Source repo
Safety notesThe upstream server runs ClickHouse queries in read-only mode by default because `CLICKHOUSE_ALLOW_WRITE_ACCESS` is false unless explicitly enabled. Leave write access disabled for production investigation workflows. If write access is enabled, destructive operations such as DROP and TRUNCATE require the additional `CLICKHOUSE_ALLOW_DROP` opt-in. Treat both flags as privileged operational changes, not normal client configuration. Use a dedicated least-privilege ClickHouse user or role. MCP read-only mode does not hide tables, columns, rows, or system metadata that the database account is already allowed to read. Review model-generated SQL before execution, especially broad table scans, expensive aggregations, cross-database queries, or wide time ranges against production clusters. For HTTP or SSE transports, keep authentication enabled. The upstream server requires authentication by default for those transports and only documents disabling it for local development.The server exposes a single `query` tool that can execute any valid DuckDB SQL statement against the configured database. Without `--readonly`, the server can create the database file, create tables, insert data, update rows, delete rows, and mutate database state. With `--readonly`, the server opens DuckDB with native read-only protection and fails to start if the database file or parent directory is missing. The `--keep-connection` option can hold a persistent DuckDB connection and file lock for the server lifetime. Treat SQL generated by a model as executable code; review queries before running them on important data.Prefer `execute_sql_readonly` for analysis. Google documents `execute_sql` as the only non-read-only BigQuery MCP tool, and it can run BigQuery SQL including DML, DDL, AI/ML functions, and other supported query operations. Use IAM least privilege, dataset-level access controls, and IAM deny policies to restrict read-write MCP tool use when Claude should only inspect warehouse metadata or run SELECT queries. Review LLM-generated SQL before execution. Broad scans, joins, forecasts, ML functions, and AI functions can incur cost, expose sensitive rows, or produce misleading analytics if the model chooses the wrong table or filter. Keep manual approval enabled for query execution, exported results, workflow-triggering automations, and any use of BigQuery insights to create tickets, emails, or downstream actions.StarRocks MCP can execute SQL through `read_query` and DDL/DML through `write_query`. The `write_query` tool is documented for CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, and other commands that do not return a result set. The `read_query` tool can write full query results to files when `output_file` is provided; relative paths use STARROCKS_MCP_OUTPUT_DIR, while absolute and home-relative paths bypass that directory. Overview tools can sample rows, count rows, cache table summaries in memory, and return cached errors or stale summaries until refreshed. The `query_and_plotly_chart` tool executes a SQL query and uses a Python Plotly expression to generate chart output from the result DataFrame. Resource templates can expose database, table, proc, transaction, job, task, catalog, frontend, backend, and compute-node information. SSE mode is documented as deprecated; prefer stdio or streamable HTTP with explicit network controls.
Privacy notesQuery results, database names, table names, column metadata, create-table definitions, and aggregate outputs can become visible to the connected MCP client and model session. ClickHouse data often includes logs, events, analytics records, user identifiers, IP addresses, request payloads, or product usage data; use database permissions and query limits before exposing production datasets. Store ClickHouse passwords, roles, and bearer tokens in MCP environment configuration or your client secret-management flow, not in prompts or checked-in configuration files. chDB support can query local files, URLs, and embedded datasets when enabled. Keep it disabled unless that local data access is intentional.Tool calls and results can expose database paths, table names, schemas, query text, row values, file paths referenced by SQL, and analytical results to the MCP client and model provider. DuckDB can query local files and extensions depending on SQL, configuration, and installed capabilities; keep the server scoped to approved data directories. Do not point writable sessions at production, customer, regulated, or irreplaceable DuckDB files without backups and explicit approval. Query errors can reveal schema names, file paths, and data-shape details.Tool results can expose project IDs, dataset IDs, table IDs, schemas, metadata, query text, query results, job history, labels, and row-level warehouse data visible to the authenticated principal. BigQuery OAuth scopes can allow viewing and managing BigQuery data and can expose the Google account email address used for authentication. Query results and table data may contain prompt-injection text, customer records, financial data, product analytics, logs, or other sensitive business information; do not let returned rows instruct the agent. If Model Armor logging is enabled for MCP traffic, Google documents that it can log the entire payload, which may expose sensitive prompts or query results in Google Cloud logs.StarRocks credentials, connection URLs, database names, table names, schemas, SQL text, query results, sample rows, proc output, generated chart images, errors, and output-file paths may be visible to the MCP client and model provider. StarRocks datasets can contain customer records, telemetry, analytics, business metrics, security data, billing data, or other regulated information. Output files created by `read_query` remain on the machine where the MCP server runs, which may be local for desktop clients or remote for HTTP deployments. STARROCKS_URL, STARROCKS_PASSWORD, Keychain service names, database credentials, and generated result files should stay out of prompts, issues, logs, screenshots, and committed files.
Prerequisites
  • uv available for the documented `uv run --with mcp-clickhouse` launch path, or Python 3.10+ with the `mcp-clickhouse` package installed
  • ClickHouse Cloud or self-hosted ClickHouse reachable from the MCP server
  • Dedicated ClickHouse user with the minimum read permissions needed for the intended databases and tables
  • Claude Code, Claude Desktop, Cursor, VS Code, or another MCP-capable client
  • Python and `uvx` available to the MCP client runtime.
  • Existing DuckDB database file when using `--readonly`.
  • Path to a DuckDB database file that Claude is allowed to query.
  • Decision on whether the server should run in read-only mode before connecting it to an agent.
  • Google Cloud project with the BigQuery API enabled
  • MCP-capable client that supports remote HTTP MCP servers and Google OAuth or compatible Google Cloud credentials
  • IAM roles or equivalent custom permissions for `roles/mcp.toolUser`, `roles/bigquery.jobUser`, and `roles/bigquery.dataViewer`
  • BigQuery datasets, tables, billing or sandbox setup, and project or region boundaries selected before use
  • Python 3.10 or newer and uv available to the MCP client runtime.
  • StarRocks FE host, MySQL protocol port, database, username, and password.
  • Least-privilege StarRocks user with only the approved databases and operations.
  • Written policy for whether `write_query` may be used in the workspace.
Install
claude mcp add clickhouse --env CLICKHOUSE_HOST=YOUR_CLICKHOUSE_HOST --env CLICKHOUSE_PORT=8443 --env CLICKHOUSE_USER=YOUR_CLICKHOUSE_USER --env CLICKHOUSE_PASSWORD=YOUR_CLICKHOUSE_PASSWORD --env CLICKHOUSE_SECURE=true --env CLICKHOUSE_VERIFY=true -- uv run --with mcp-clickhouse --python 3.10 mcp-clickhouse
uvx mcp-server-duckdb --db-path ./data.duckdb --readonly
claude mcp add --transport http bigquery https://bigquery.googleapis.com/mcp
uv run --with mcp-server-starrocks mcp-server-starrocks
Config
Manual-only setup:
{
  "clickhouse": {
    "command": "uv",
    "args": ["run", "--with", "mcp-clickhouse", "--python", "3.10", "mcp-clickhouse"],
    "env": {
      "CLICKHOUSE_HOST": "<clickhouse-host>",
      "CLICKHOUSE_PORT": "8443",
      "CLICKHOUSE_USER": "<clickhouse-user>",
      "CLICKHOUSE_PASSWORD": "<clickhouse-password>",
      "CLICKHOUSE_SECURE": "true",
      "CLICKHOUSE_VERIFY": "true",
      "CLICKHOUSE_CONNECT_TIMEOUT": "30",
      "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
    }
  }
}
{
  "mcpServers": {
    "duckdb": {
      "command": "uvx",
      "args": ["mcp-server-duckdb", "--db-path", "./data.duckdb", "--readonly"]
    }
  }
}
{
  "mcpServers": {
    "bigquery": {
      "type": "http",
      "url": "https://bigquery.googleapis.com/mcp"
    }
  }
}
{
  "mcpServers": {
    "starrocks": {
      "command": "uv",
      "args": ["run", "--with", "mcp-server-starrocks", "mcp-server-starrocks"],
      "env": {
        "STARROCKS_HOST": "<starrocks-fe-host>",
        "STARROCKS_PORT": "9030",
        "STARROCKS_USER": "<least-privilege-user>",
        "STARROCKS_PASSWORD": "<starrocks-password>",
        "STARROCKS_DB": "<approved-database>",
        "MCP_TRANSPORT_MODE": "stdio",
        "STARROCKS_MCP_OUTPUT_DIR": "<approved-output-dir>"
      }
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.