Model Context Protocol moderate risk

Clickhouse

This MCP server enables interaction with ClickHouse and chDB databases, providing tools for querying, listing databases/tables, and health checks, with configurable authentication.

Connections & Capabilities

Connects To

GitHubDocker

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
    "mcp-clickhouse": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "mcp-clickhouse",
        "--python",
        "3.10",
        "mcp-clickhouse"
      ],
      "env": {
        "CLICKHOUSE_HOST": "<clickhouse-host>",
        "CLICKHOUSE_PORT": "<clickhouse-port>",
        "CLICKHOUSE_USER": "<clickhouse-user>",
        "CLICKHOUSE_PASSWORD": "<clickhouse-password>",
        "CLICKHOUSE_ROLE": "<clickhouse-role>",
        "CLICKHOUSE_SECURE": "true",
        "CLICKHOUSE_VERIFY": "true",
        "CLICKHOUSE_CONNECT_TIMEOUT": "30",
        "CLICKHOUSE_SEND_RECEIVE_TIMEOUT": "30"
      }
    }
  }
}

Exposed MCP Tools (4)

safe

run_select_query

Executes a read-only SQL query on the ClickHouse cluster.

Queries are run with `readonly = 1`, preventing data modification.

safe

list_databases

Lists all databases on the ClickHouse cluster.

Read-only operation with no side effects.

safe

list_tables

Lists tables in a database with optional filtering and pagination.

Read-only operation with no side effects.

moderate

run_chdb_select_query

Executes a SQL query using the chDB embedded ClickHouse engine.

Queries data directly from various sources, potentially including untrusted URLs or files.

Safety Assessment

This MCP server offers a reasonable level of safety when properly configured with authentication and secure connection settings. The greatest risks arise from disabling authentication or using the chDB tool with untrusted data sources. Exercise caution when configuring environment variables and granting access to the ClickHouse instance.

SQL queries are run with `readonly = 1` by default for ClickHouse, preventing unintended data modification.
Authentication is required for HTTP/SSE transports, preventing unauthorized access.
The server supports SSL certificate verification for secure connections to ClickHouse.
Clear instructions are provided for setting up authentication and disabling it only for local development.

If authentication is disabled, the server is vulnerable to unauthorized access.
The `run_chdb_select_query` tool allows querying data from various sources, potentially including untrusted URLs or files.
Improper configuration of ClickHouse credentials in the environment variables could lead to exposure of sensitive information.
While ClickHouse queries are read-only by default, misconfiguration or future tool additions could introduce write capabilities.

Client Compatibility

Claude Desktopfull

Cursoruntested

Windsurfuntested

VS Code (Copilot)untested

Security Notes

Disabling authentication exposes the server to unauthorized access.
Using default or administrative ClickHouse users grants excessive privileges.
Unvalidated data sources in chDB queries can lead to data poisoning or unexpected behavior.
Environment variables containing credentials could be exposed if not properly secured.
Insufficiently restricted network access to the server could allow unauthorized connections.

Best For

Data analysts who need to explore and query ClickHouse data.
Database administrators who need to monitor and manage ClickHouse clusters.
Developers who need to integrate ClickHouse data into their applications.
Organizations that want to leverage chDB for querying data from various sources without ETL.