Model Context Protocol moderate risk

dbt

The dbt MCP server exposes dbt projects to AI agents, enabling read, write, and execution capabilities via a suite of tools for SQL, semantic layer, discovery, and admin tasks.

Connections & Capabilities

Connects To

GitHubSlack

Capabilities

readwriteexecadmin

Quickstart

Config

{
  "mcpServers": {
    "dbt-mcp": {
      "command": "uvx",
      "args": [
        "--env-file",
        "<path-to-.env-file>",
        "dbt-mcp"
      ]
    },
  }
}

Exposed MCP Tools (7)

high

execute_sql

Executes SQL queries on dbt Platform infrastructure, leveraging Semantic Layer support.

Direct SQL execution can modify or expose sensitive data.

moderate

text_to_sql

Generates SQL from natural language, using the dbt project context for assistance.

Poorly generated SQL could lead to inefficient queries or unintended data access.

safe

get_model_details

Retrieves detailed information about a specific dbt model, including compiled SQL and column definitions.

Read-only access to model metadata.

high

build

Executes dbt models, tests, snapshots, and seeds in the order defined by the DAG.

Can modify data and project state.

high

trigger_job_run

Triggers a dbt Cloud job run, with options to override settings like git branch and schema.

Can trigger unintended or malicious job executions.

moderate

generate_model_yaml

Generates model YAML files with column definitions, optionally inheriting descriptions from upstream models.

Modifies dbt project structure.

safe

get_mcp_server_version

Returns the current version of the dbt MCP server.

Provides version information only.

Safety Assessment

The dbt MCP server offers powerful capabilities, but requires careful configuration and monitoring. Read-only tools are generally safe, while tools that modify data or execute code should be used with caution. Proper access controls and monitoring are essential to mitigate risks.

Granular tool-based access control.
Some tools are read-only, limiting potential damage.
Experimental MCP bundle allows for controlled import.
Clear documentation encourages responsible use.

Includes tools that can execute SQL and modify dbt projects.
Admin API provides access to job management and project settings.
Potential for data modification or deletion if tools are misused.
Secrets exposure risk if not configured and managed correctly.
Lack of explicit sandboxing for certain execution tools.