Model Context Protocol moderate risk

Gateway

CentralMind Gateway exposes databases to AI agents via MCP or OpenAPI, offering LLM-optimized APIs with security features like PII protection and access control.

Connections & Capabilities

Connects To

GitHubPostgreSQLMySQLSQLiteDiscordDockerKubernetesS3

Capabilities

readwriteexecadmin

Quickstart

Config

{
  "mcpServers": {
    "gateway": {
      "command": "PATH_TO_GATEWAY_BINARY",
      "args": ["start", "--config", "PATH_TO_GATEWAY_YAML_CONFIG", "mcp-stdio"]
    }
  }
}

Exposed MCP Tools (5)

safe

get_table_data

Retrieves data from a specified database table.

Read-only operation.

moderate

create_new_record

Creates a new record in a database table.

Non-destructive write operation.

high

update_existing_record

Modifies an existing record in a database table.

Structural modification of data.

critical

delete_record

Deletes a record from a database table.

Destructive operation.

critical

execute_sql_query

Executes a raw SQL query against the database.

Unrestricted SQL execution can lead to data breaches or system compromise.

Safety Assessment

CentralMind Gateway offers several security features, but the overall safety depends on proper configuration and usage. It's relatively safe for read-only access with PII redaction and strict RLS. Risks increase with write operations and direct SQL access without adequate controls.

Supports API keys and OAuth for authentication.
Offers PII protection via regex or Microsoft Presidio plugins.
Provides row-level security (RLS) using Lua scripts.
Integrates with OpenTelemetry for request tracking and audit trails.

Direct SQL API access increases risk if not properly secured.
Potential for data exposure if PII redaction is misconfigured.
Lua scripts for RLS could introduce vulnerabilities if not carefully written.
Overly permissive API configuration could allow unintended data access.