Model Context Protocol moderate risk

Anyquery

Anyquery is a versatile SQL query engine enabling users to run SQL queries on various data sources, including files, databases, and applications, with LLM connectivity and MySQL server emulation.

Connections & Capabilities

Connects To

GitHubMySQLSQLiteNotion

Capabilities

readwriteexecadmin

Quickstart

Install

brew install anyquery

Exposed MCP Tools (3)

moderate

anyquery mcp --stdio

Starts the Model Context Protocol server using standard input/output for communication.

While the tool itself is not inherently dangerous, the data it exposes to the connected LLM depends on the configured plugins and permissions.

moderate

anyquery mcp --host 127.0.0.1 --port 8070

Starts the Model Context Protocol server using HTTP and SSE on a specified host and port.

Exposes the Anyquery instance over a network port, potentially increasing the attack surface if not properly secured.

moderate

anyquery gpt

Generates an ID for connecting to LLM clients that support function calling.

The generated ID grants access to Anyquery's capabilities to the connected LLM, so it should be treated as a secret.

Safety Assessment

Anyquery's safety depends heavily on the plugins installed and the configuration of the MySQL server emulation. When used with trusted plugins and read-only access, it presents a low risk. However, allowing untrusted plugins or write access significantly increases the risk of data compromise or system instability.

Plugin-based architecture allows for controlled extension of functionality.
Supports read-only queries against many data sources.
MCP server provides a structured interface for LLM interaction.
Can be configured to run in a sandboxed environment.

Plugins can introduce vulnerabilities if not properly vetted.
Direct SQL access can be risky if not properly secured.
LLM integration can expose sensitive data if not configured carefully.
MySQL server emulation could be exploited if misconfigured.
Ability to load arbitrary SQLite extensions