Model Context Protocol moderate risk

Adx

This MCP server enables AI assistants to execute KQL queries and explore Azure Data Explorer databases, providing access to data insights.

Connections & Capabilities

Connects To

GitHubDockerKubernetesAzure

Capabilities

readexec

Quickstart

Config

{
  "mcpServers": {
    "adx": {
      "command": "uv",
      "args": [
        "--directory",
        "<full path to adx-mcp-server directory>",
        "run",
        "src/adx_mcp_server/main.py"
      ],
      "env": {
        "ADX_CLUSTER_URL": "https://yourcluster.region.kusto.windows.net",
        "ADX_DATABASE": "your_database"
      }
    }
  }
}

Exposed MCP Tools (5)

moderate

execute_query

Executes a Kusto Query Language (KQL) query against the Azure Data Explorer database.

While read-only, poorly constructed queries could impact performance or expose sensitive data.

safe

list_tables

Lists all tables available in the configured Azure Data Explorer database.

Provides read-only access to table names, posing minimal risk.

safe

get_table_schema

Retrieves the schema for a specified table in the Azure Data Explorer database.

Provides read-only access to table schema, posing minimal risk.

safe

sample_table_data

Fetches sample data from a specified table in the Azure Data Explorer database.

Provides read-only access to sample data, but large sample sizes could impact performance.

safe

get_table_details

Retrieves statistics and metadata for a specified table in the Azure Data Explorer database.

Provides read-only access to table metadata, posing minimal risk.

Safety Assessment

This server provides a moderate level of safety due to its reliance on Azure's authentication mechanisms and configurable tool access. However, the ability to execute arbitrary KQL queries introduces a risk of data exfiltration or unauthorized access if the underlying ADX cluster is not properly secured. It is safe when used with appropriate ADX cluster permissions and monitoring, but risky if the cluster is misconfigured or compromised.

Uses Azure's DefaultAzureCredential for authentication, leveraging existing Azure security protocols.
Supports Workload Identity for secure authentication in AKS environments.
Provides read-only access to data through query execution and schema discovery.
Tool list is configurable, allowing administrators to restrict access to potentially dangerous tools.

Executes arbitrary KQL queries, which could potentially be used for data exfiltration if not properly monitored.
Relies on environment variables for configuration, which can be a security risk if not managed securely.
Improperly configured permissions on the ADX cluster could lead to unauthorized data access or modification.
If the ADX cluster itself is compromised, this server could be used as a pivot point for further attacks.

Client Compatibility

Claude Desktopfull

Cursoruntested

Windsurfuntested

VS Code (Copilot)untested

Security Notes

Exposure of ADX credentials in environment variables if not properly managed.
Potential for KQL injection attacks if input sanitization is not implemented in the AI assistant.
Unauthorized data access if the ADX cluster permissions are not correctly configured.
Risk of data exfiltration through malicious KQL queries.
Logging level not configurable, potentially missing important audit trails

Best For

Data analysts who need to query and explore Azure Data Explorer databases.
Security engineers who need to monitor security logs and investigate incidents.
Infrastructure engineers who need to track resource utilization and monitor system health.
Developers who need to troubleshoot application errors and analyze user behavior.