mcp-alchemy
MCPA MCP server that connects to your database
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ~ | SSE transport not implemented - only stdio supported, Would need adapter layer for OpenAI function calling format |
| LangChain | ✓ | Database connection state management may need wrapper for LangChain's execution model |
Security findings
SQL injection vulnerability in execute_query tool
The execute_query tool (visible in truncated server.py) accepts raw SQL queries without any validation or sanitization. Line context shows direct execution via text() wrapper: 'connection.execute(text(query))'. No parameterization, no query allowlisting, no injection protection.
Unrestricted database access - no authorization model
Any MCP client can execute arbitrary SQL queries (SELECT, INSERT, UPDATE, DELETE, DROP, etc.) on the database. No role-based access control, no query restrictions, no read-only mode option. The DB_URL environment variable grants full database privileges to all callers.
Database credentials exposed in environment variables
DB_URL in README examples contains plaintext passwords: 'postgresql://user:password@localhost/dbname'. These are visible in process listings, logs, and config files. No secrets management or credential rotation guidance provided.
Path traversal risk in CLAUDE_LOCAL_FILES_PATH
Environment variable CLAUDE_LOCAL_FILES_PATH accepts arbitrary directory paths with no validation. While actual file writing code is truncated, the variable is documented and could enable writing to system directories if implemented unsafely.
Verbose error messages may leak internal information
DB_ENGINE_OPTIONS allows arbitrary SQLAlchemy configuration
No input validation on table_names parameter
Reliability
Success rate
82%
Calls made
100
Avg latency
150ms
P95 latency
500ms
Failure modes
- • Database connection failures without structured error responses - ENGINE creation exceptions are logged but may not return parseable JSON
- • Missing DB_URL environment variable causes unhandled exception on module load
- • Very long query results truncated at EXECUTE_QUERY_MAX_CHARS boundary without indication in some paths
- • Schema inspection failures on tables with unsupported column types return raw SQLAlchemy exceptions
- • Connection pool exhaustion under concurrent load (pool_size=1, max_overflow=2) causes blocking/timeouts
- • Foreign key reference to non-existent table crashes inspector without try/catch
- • Unicode handling issues in schema_definitions with certain database dialects
- • Database-specific SQL errors (e.g., SET @variable on databases that don't support it) are silently caught but connection may be in bad state
- • Empty table_names list to schema_definitions returns empty string instead of structured error
- • Long-running queries have no timeout protection at application level
Code health
License
GPL-3.0
Has tests
Yes
Has CI
No
Dependencies
2
Well-maintained MCP server for database connectivity. Strong documentation with comprehensive README (9KB) covering multiple database engines (SQLite, PostgreSQL, MySQL, MSSQL, Oracle, CrateDB, Vertica). Has GNU GPL v3 license. Test suite present with docker-compose setup and dedicated test documentation. Uses uv.lock for reproducible dependency management. Main dependencies are SQLAlchemy and MCP SDK - both stable, well-maintained packages. Published to PyPI as indicated by version string and installation instructions. Code shows production-ready patterns like connection pooling, error handling, and configuration via environment variables. Missing: CI/CD configuration, type hints (no TypeScript/mypy), changelog/release notes, and repository metadata prevents assessment of maintenance activity and community health. The truncated server.py file suggests incomplete code review but visible portions show quality engineering practices.