Skip to main content
mcpSource-backed

Snowflake MCP Server for Claude

Snowflake-managed MCP server for connecting Claude and other MCP clients to Cortex Analyst, Cortex Search, Cortex Agents, SQL execution, UDFs, stored procedures, and governed warehouse data.

by Snowflake · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://docs.snowflake.com/en/user-guide/snowflake-cortex/cortex-agents-mcp, https://github.com/Snowflake-Labs/mcp
Safety notes
Snowflake recommends verifying third-party MCP servers and tool descriptions before use because overlapping MCP servers can create tool poisoning or tool shadowing risk., Prefer OAuth. Hardcoded tokens and broad Programmatic Access Tokens can leak privileged Snowflake access into client config, logs, shell history, support bundles, or AI transcripts., Configure the Snowflake MCP server and each tool with least privilege. Access to the MCP server object does not automatically mean the user should have access to every Cortex, SQL, UDF, or stored procedure tool behind it., SQL execution tools can query Snowflake data and, if configured with write-capable settings, can run mutating SQL. Review generated SQL and use read-only configuration where Claude should only inspect data., Avoid recursive agent or MCP configurations. Snowflake documents a maximum recursion depth for circular MCP and Cortex Agent invocations, but loops can still create cost, latency, and confusing automation behavior before they stop., UDF and stored procedure tools can execute business logic in Snowflake, so do not expose procedures that perform billing, deletion, notification, privilege, or workflow actions without human approval.
Privacy notes
Tool results can expose Snowflake account identifiers, database names, schema names, table names, semantic views, Cortex Search results, SQL text, query results, citations, reasoning traces, tool calls, UDF inputs, stored procedure outputs, and warehouse metadata., Cortex Agent responses intentionally include intermediate steps such as reasoning traces, tool calls, search results, and citations, which can make MCP payloads large and data-rich., Claude transcripts, MCP client logs, terminal scrollback, screenshots, support exports, and generated summaries can retain Snowflake data outside Snowflake's normal access, retention, and audit controls., OAuth sessions use the connecting user's default role for Snowflake MCP access. Confirm default role and default warehouse settings before relying on per-session role selection in clients such as Claude., Warehouse rows, semantic search results, UDF outputs, and stored procedure results can contain prompt-injection text, secrets, customer data, financial data, product telemetry, or regulated data that should not be pasted into unrestricted AI conversations.
Author
Snowflake
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

30 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

7 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/7 ready
Account & credentials2Configuration1Permissions & scopes2Network & hosting1Review & approval130 minutes

Safety & privacy surface

Safety & privacy surface

6 safety and 5 privacy notes across 5 risk areas. Review closely: credentials & tokens, third-party handling.

5 areas
  • SafetyThird-party handlingSnowflake recommends verifying third-party MCP servers and tool descriptions before use because overlapping MCP servers can create tool poisoning or tool shadowing risk.
  • SafetyCredentials & tokensPrefer OAuth. Hardcoded tokens and broad Programmatic Access Tokens can leak privileged Snowflake access into client config, logs, shell history, support bundles, or AI transcripts.
  • SafetyData retentionConfigure the Snowflake MCP server and each tool with least privilege. Access to the MCP server object does not automatically mean the user should have access to every Cortex, SQL, UDF, or stored procedure tool behind it.
  • SafetyExecution & processesSQL execution tools can query Snowflake data and, if configured with write-capable settings, can run mutating SQL. Review generated SQL and use read-only configuration where Claude should only inspect data.
  • SafetyGeneralAvoid recursive agent or MCP configurations. Snowflake documents a maximum recursion depth for circular MCP and Cortex Agent invocations, but loops can still create cost, latency, and confusing automation behavior before they stop.
  • SafetyExecution & processesUDF and stored procedure tools can execute business logic in Snowflake, so do not expose procedures that perform billing, deletion, notification, privilege, or workflow actions without human approval.
  • PrivacyData retentionTool results can expose Snowflake account identifiers, database names, schema names, table names, semantic views, Cortex Search results, SQL text, query results, citations, reasoning traces, tool calls, UDF inputs, stored procedure outputs, and warehouse metadata.
  • PrivacyGeneralCortex Agent responses intentionally include intermediate steps such as reasoning traces, tool calls, search results, and citations, which can make MCP payloads large and data-rich.
  • PrivacyExecution & processesClaude transcripts, MCP client logs, terminal scrollback, screenshots, support exports, and generated summaries can retain Snowflake data outside Snowflake's normal access, retention, and audit controls.
  • PrivacyCredentials & tokensOAuth sessions use the connecting user's default role for Snowflake MCP access. Confirm default role and default warehouse settings before relying on per-session role selection in clients such as Claude.
  • PrivacyCredentials & tokensWarehouse rows, semantic search results, UDF outputs, and stored procedure results can contain prompt-injection text, secrets, customer data, financial data, product telemetry, or regulated data that should not be pasted into unrestricted AI conversations.

Safety notes

  • Snowflake recommends verifying third-party MCP servers and tool descriptions before use because overlapping MCP servers can create tool poisoning or tool shadowing risk.
  • Prefer OAuth. Hardcoded tokens and broad Programmatic Access Tokens can leak privileged Snowflake access into client config, logs, shell history, support bundles, or AI transcripts.
  • Configure the Snowflake MCP server and each tool with least privilege. Access to the MCP server object does not automatically mean the user should have access to every Cortex, SQL, UDF, or stored procedure tool behind it.
  • SQL execution tools can query Snowflake data and, if configured with write-capable settings, can run mutating SQL. Review generated SQL and use read-only configuration where Claude should only inspect data.
  • Avoid recursive agent or MCP configurations. Snowflake documents a maximum recursion depth for circular MCP and Cortex Agent invocations, but loops can still create cost, latency, and confusing automation behavior before they stop.
  • UDF and stored procedure tools can execute business logic in Snowflake, so do not expose procedures that perform billing, deletion, notification, privilege, or workflow actions without human approval.

Privacy notes

  • Tool results can expose Snowflake account identifiers, database names, schema names, table names, semantic views, Cortex Search results, SQL text, query results, citations, reasoning traces, tool calls, UDF inputs, stored procedure outputs, and warehouse metadata.
  • Cortex Agent responses intentionally include intermediate steps such as reasoning traces, tool calls, search results, and citations, which can make MCP payloads large and data-rich.
  • Claude transcripts, MCP client logs, terminal scrollback, screenshots, support exports, and generated summaries can retain Snowflake data outside Snowflake's normal access, retention, and audit controls.
  • OAuth sessions use the connecting user's default role for Snowflake MCP access. Confirm default role and default warehouse settings before relying on per-session role selection in clients such as Claude.
  • Warehouse rows, semantic search results, UDF outputs, and stored procedure results can contain prompt-injection text, secrets, customer data, financial data, product telemetry, or regulated data that should not be pasted into unrestricted AI conversations.

Prerequisites

  • Snowflake account in a supported region, with the managed MCP server feature available for the account.
  • Database and schema where the MCP server object will be created.
  • Snowflake role with least-privilege access to the MCP server object and each exposed tool.
  • Default role and default warehouse configured for each user who will authenticate through an MCP client.
  • Snowflake OAuth security integration for the MCP client, or an approved Programmatic Access Token fallback when OAuth is not available.
  • Reviewed Cortex Analyst, Cortex Search, Cortex Agent, SQL execution, UDF, or stored procedure tools that should be exposed to Claude.
  • MCP client that supports HTTP transport and Snowflake authentication, such as Claude, VS Code, or another compatible client.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
30 minutes
Difficulty
advanced
Full copyable content
{
  "mcpServers": {
    "snowflake": {
      "type": "http",
      "url": "https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME"
    }
  }
}

About this resource

Content

The Snowflake-managed MCP server lets Claude and other MCP-capable clients discover and call governed Snowflake tools without deploying a separate server beside the warehouse. Snowflake administrators create an MCP server object in a database and schema, attach selected tools, configure OAuth or token-based access, and grant roles access to the server and the underlying tools.

This is an enterprise data-access integration, not a toy local connector. Treat the MCP server as a governed interface to Snowflake data, Cortex AI features, SQL execution, UDFs, stored procedures, and agent workflows. Start with narrow read-only tools, explicit role grants, and non-production data before allowing Claude to query broader warehouses or trigger custom tools.

Features

  • Snowflake-managed MCP endpoint for database and schema scoped MCP server objects.
  • Snowflake OAuth based authentication, with Programmatic Access Token fallback when OAuth is not available.
  • Role-based access control for MCP server discovery and individual tool use.
  • Cortex Search Service query tools for unstructured search over Snowflake data.
  • Cortex Analyst tools for natural-language analysis over supported semantic views.
  • Cortex Agent tools for invoking configured Snowflake Cortex Agents through MCP.
  • SQL execution tools, with documented read-only configuration and query timeout options.
  • Custom tools backed by Snowflake UDFs and stored procedures.
  • Support for standard MCP tools/list and tools/call requests.
  • Official Snowflake-Labs open-source MCP repository for Snowflake MCP workflows that need a Snowflake-backed server implementation outside the managed server path.

Use Cases

  • Let Claude ask governed questions over Snowflake semantic views through Cortex Analyst.
  • Search enterprise knowledge or product data through Cortex Search without handing Claude unrestricted database access.
  • Expose a narrowly scoped read-only SQL execution tool for bounded warehouse analysis.
  • Call approved Snowflake UDFs or stored procedures as MCP tools after human review of the business action.
  • Connect an MCP client to a Cortex Agent that already has curated resources, tools, and response behavior.
  • Prototype Snowflake-backed MCP workflows locally with the Snowflake-Labs MCP repository, then move production access behind managed Snowflake governance.

Installation

Snowflake setup

  1. Choose the database and schema where the MCP server object will live.
  2. Create or select the Cortex Analyst, Cortex Search, Cortex Agent, SQL, UDF, or stored procedure tools that should be exposed.
  3. Create the Snowflake MCP server object with a reviewed specification.
  4. Configure Snowflake OAuth for the client or approve a least-privilege Programmatic Access Token fallback.
  5. Grant the connecting role access to the MCP server and only the tools it should discover and invoke.
  6. Set each MCP user's default role and default warehouse to the intended least-privilege values.

Claude Code

After the Snowflake MCP server object and authentication are configured, add the server URL to Claude Code:

claude mcp add --transport http snowflake https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME

Start with a prompt that lists tools and summarizes what each one can access before asking Claude to query or invoke anything.

Configuration

{
  "mcpServers": {
    "snowflake": {
      "type": "http",
      "url": "https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME"
    }
  }
}

Examples

Inspect available tools first

List the Snowflake MCP tools available on this server and explain what each one can access before calling any tool.

Query through Cortex Analyst

Use the approved Cortex Analyst tool to answer this revenue question from the semantic view, then show the generated SQL before summarizing.

Search governed data

Use the product Cortex Search tool to find the top matches for this customer question and include citations from the returned search results.

Run bounded read-only SQL

Use the read-only Snowflake SQL tool to return the top 10 rows needed for this analysis, avoiding broad scans or writes.

Call a custom tool after review

Show the exact stored procedure tool call you want to make and wait for approval before invoking it.

Source notes

  • Snowflake's official documentation describes the Snowflake-managed MCP server as a generally available feature for letting AI agents retrieve data from Snowflake accounts without deploying separate infrastructure.
  • The documentation says MCP servers on Snowflake can expose Cortex Analyst, Cortex Search, Cortex Agents, SQL execution, UDFs, and stored procedures as tools through a standards-based interface.
  • Snowflake documents OAuth-based authentication, role-based access control, the importance of least privilege, default role behavior for OAuth sessions, and default warehouse requirements.
  • Snowflake's security recommendations warn about third-party MCP server verification, hardcoded token leakage, least-privilege PATs, tool-level permissions, and recursive MCP or Cortex Agent loops.
  • The docs show the MCP server endpoint shape under /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name> and describe tools/list and tools/call interactions.
  • The GitHub repository Snowflake-Labs/mcp is Apache-2.0 licensed and describes an MCP server for Snowflake including Cortex AI, object management, SQL orchestration, semantic view consumption, and more.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, open pull requests, live issue state, and repository-wide content for Snowflake MCP, Snowflake-managed MCP, Cortex Agents MCP, Cortex Analyst MCP, Cortex Search MCP, Snowflake-Labs/mcp, SYSTEM_EXECUTE_SQL, CORTEX_AGENT_RUN, CORTEX_SEARCH_SERVICE_QUERY, CORTEX_ANALYST_MESSAGE, snowflakecomputing.com/api/v2, and Snowflake SQL MCP. Existing BigQuery and database MCP entries cover adjacent warehouse access, and the TruLens entry mentions Snowflake as the current steward of TruLens, but no dedicated Snowflake MCP entry, Snowflake MCP source URL duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used.

Source citations

Add this badge to your README

Show that Snowflake MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/snowflake-mcp-server.svg)](https://heyclau.de/entry/mcp/snowflake-mcp-server)

How it compares

Snowflake MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Snowflake-managed MCP server for connecting Claude and other MCP clients to Cortex Analyst, Cortex Search, Cortex Agents, SQL execution, UDFs, stored procedures, and governed warehouse data.

Open dossier

Google Cloud remote MCP server for querying BigQuery datasets, inspecting metadata, listing resources, and running governed warehouse analytics through an HTTP endpoint.

Open dossier

Connect Claude to Algolia-managed MCP servers for curated public search and recommendation access or internal, user-scoped search and analytics workflows.

Open dossier

Official AWS Labs MCP server for AWS S3 Tables that lets AI assistants create and query S3-based tables, run read-only SQL for analysis, generate tables from CSV files in S3, and explore table metadata — read-only by default.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1MkDev11jaso0n0818
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandAWS Labs logoAWS Labs
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorSnowflakeGoogle CloudAlgoliaAWS Labs
Added2026-06-032026-06-032026-06-052026-06-21
Platforms
Harness
Source repo
Safety notesSnowflake recommends verifying third-party MCP servers and tool descriptions before use because overlapping MCP servers can create tool poisoning or tool shadowing risk. Prefer OAuth. Hardcoded tokens and broad Programmatic Access Tokens can leak privileged Snowflake access into client config, logs, shell history, support bundles, or AI transcripts. Configure the Snowflake MCP server and each tool with least privilege. Access to the MCP server object does not automatically mean the user should have access to every Cortex, SQL, UDF, or stored procedure tool behind it. SQL execution tools can query Snowflake data and, if configured with write-capable settings, can run mutating SQL. Review generated SQL and use read-only configuration where Claude should only inspect data. Avoid recursive agent or MCP configurations. Snowflake documents a maximum recursion depth for circular MCP and Cortex Agent invocations, but loops can still create cost, latency, and confusing automation behavior before they stop. UDF and stored procedure tools can execute business logic in Snowflake, so do not expose procedures that perform billing, deletion, notification, privilege, or workflow actions without human approval.Prefer `execute_sql_readonly` for analysis. Google documents `execute_sql` as the only non-read-only BigQuery MCP tool, and it can run BigQuery SQL including DML, DDL, AI/ML functions, and other supported query operations. Use IAM least privilege, dataset-level access controls, and IAM deny policies to restrict read-write MCP tool use when Claude should only inspect warehouse metadata or run SELECT queries. Review LLM-generated SQL before execution. Broad scans, joins, forecasts, ML functions, and AI functions can incur cost, expose sensitive rows, or produce misleading analytics if the model chooses the wrong table or filter. Keep manual approval enabled for query execution, exported results, workflow-triggering automations, and any use of BigQuery insights to create tickets, emails, or downstream actions.Algolia documents two Algolia-managed MCP offerings. Public MCP is for curated search and recommendation access to selected indices; Productivity MCP is for internal, user-scoped workflows that inherit the signed-in user's Algolia permissions. Algolia describes Public MCP as a beta feature under its Beta Services terms. Treat setup behavior, limits, dashboard controls, and client support as changeable until Algolia marks the feature generally available. Public MCP uses a generated server URL for a specific Algolia application and selected indices. Do not publish that URL in public repositories, issues, logs, screenshots, or client configs unless the exposed records are intended for that audience. Public MCP client configuration does not require client-side authentication, so the selected Search API key restrictions, selected indices, Recommend models, and index descriptions are the primary controls. Productivity MCP is documented as read-only for analysis and exploration, but it can expose anything the signed-in user can access in Algolia. Use a least-privilege account for sensitive projects. Algolia says MCP usage counts toward the existing Algolia plan. Monitor API usage and avoid broad automated loops, high-traffic prompts, or repeated large searches through an MCP client.The server is read-only by default. Adding the `--allow-write` flag (with the matching IAM permissions) enables create and append operations on S3 Tables; there is no delete or general update. Enable write only deliberately. AWS advises that you are responsible for your agents: if you enable write, back up your data first and validate LLM-generated instructions before execution, since misconfigured permissions can cause data loss. This server acts on real S3 Tables data with your AWS credentials; scope the profile least-privilege and run it only on a trusted host.
Privacy notesTool results can expose Snowflake account identifiers, database names, schema names, table names, semantic views, Cortex Search results, SQL text, query results, citations, reasoning traces, tool calls, UDF inputs, stored procedure outputs, and warehouse metadata. Cortex Agent responses intentionally include intermediate steps such as reasoning traces, tool calls, search results, and citations, which can make MCP payloads large and data-rich. Claude transcripts, MCP client logs, terminal scrollback, screenshots, support exports, and generated summaries can retain Snowflake data outside Snowflake's normal access, retention, and audit controls. OAuth sessions use the connecting user's default role for Snowflake MCP access. Confirm default role and default warehouse settings before relying on per-session role selection in clients such as Claude. Warehouse rows, semantic search results, UDF outputs, and stored procedure results can contain prompt-injection text, secrets, customer data, financial data, product telemetry, or regulated data that should not be pasted into unrestricted AI conversations.Tool results can expose project IDs, dataset IDs, table IDs, schemas, metadata, query text, query results, job history, labels, and row-level warehouse data visible to the authenticated principal. BigQuery OAuth scopes can allow viewing and managing BigQuery data and can expose the Google account email address used for authentication. Query results and table data may contain prompt-injection text, customer records, financial data, product analytics, logs, or other sensitive business information; do not let returned rows instruct the agent. If Model Armor logging is enabled for MCP traffic, Google documents that it can log the entire payload, which may expose sensitive prompts or query results in Google Cloud logs.Algolia MCP can return search hits, object attributes, facet values, recommendations, index names, analytics metrics, top searches, no-result queries, countries, click positions, user counts, and other search performance data into the model conversation. Public MCP exposes records according to the configured indices and Search API key permissions. Remove private object attributes or use secured, filtered, or separate indices before connecting customer-facing agents. Productivity MCP uses the signed-in user's Algolia identity and permissions. Treat prompts, outputs, screenshots, and MCP client logs as internal data whenever they include Algolia analytics, index names, or object records. Do not paste Admin API keys, write API keys, private secured API keys, customer identifiers, unreleased product catalog fields, pricing rules, personal data, or raw exports into prompts or PR comments. Algolia recommends prompt guidance that preserves result fidelity. Avoid asking the assistant to filter, reorder, or summarize returned hits when an exact search result order matters.Table schemas, metadata, query results, and bucket/namespace identifiers can be returned through tool calls and exposed to the model. Keep account identifiers, credentials, and any sensitive table data out of public prompts, issues, and screenshots.
Prerequisites
  • Snowflake account in a supported region, with the managed MCP server feature available for the account.
  • Database and schema where the MCP server object will be created.
  • Snowflake role with least-privilege access to the MCP server object and each exposed tool.
  • Default role and default warehouse configured for each user who will authenticate through an MCP client.
  • Google Cloud project with the BigQuery API enabled
  • MCP-capable client that supports remote HTTP MCP servers and Google OAuth or compatible Google Cloud credentials
  • IAM roles or equivalent custom permissions for `roles/mcp.toolUser`, `roles/bigquery.jobUser`, and `roles/bigquery.dataViewer`
  • BigQuery datasets, tables, billing or sandbox setup, and project or region boundaries selected before use
  • Algolia account with access to the applications and indices you want Claude to use.
  • MCP-capable client with remote HTTP transport support, such as Claude, Claude Code, ChatGPT, Cursor, VS Code, Gemini CLI, Codex, OpenAI Playground, or another compatible client.
  • For Algolia Productivity MCP, access to enable Productivity MCP in the Algolia dashboard and sign in through the MCP client when prompted.
  • For Algolia Public MCP, an Algolia application with at least one index and the dashboard permission to create or copy a Public MCP server URL.
  • An AWS account with S3 Tables and permissions for the table buckets you intend to read (and, if enabled, write).
  • Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
  • AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) scoped least-privilege to the intended S3 Tables resources.
  • An MCP client that supports stdio servers; the server runs locally on the same host as the client.
Install
claude mcp add --transport http snowflake https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME
claude mcp add --transport http bigquery https://bigquery.googleapis.com/mcp
claude mcp add --transport http algolia https://mcp.algolia.com/mcp
uvx awslabs.s3-tables-mcp-server@latest
Config
{
  "mcpServers": {
    "snowflake": {
      "type": "http",
      "url": "https://ACCOUNT.snowflakecomputing.com/api/v2/databases/DATABASE/schemas/SCHEMA/mcp-servers/SERVER_NAME"
    }
  }
}
{
  "mcpServers": {
    "bigquery": {
      "type": "http",
      "url": "https://bigquery.googleapis.com/mcp"
    }
  }
}
{
  "mcpServers": {
    "algolia": {
      "url": "https://mcp.algolia.com/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "awslabs.s3-tables-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.s3-tables-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "${AWS_PROFILE}",
        "AWS_REGION": "us-east-1",
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.