Model Context Protocol moderate risk

Tidb

MCP server for TiDB (serverless) database, enabling read and write operations via environment variable authentication; suitable for data interaction and analysis.

Connections & Capabilities

Connects To

GitHubAWS

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
      "tidb": {
          "command": "uv",
          "args": [
              "--directory",
              "/path/to/mcp-server-tidb",
              "run",
              "src/main.py"
          ]
      }
  }
}

Exposed MCP Tools (3)

moderate

query_database

Executes a SQL query against the TiDB database and returns the results.

Allows arbitrary SQL queries, potentially including write operations if the user has permissions.

moderate

insert_data

Inserts new data into a specified table in the TiDB database.

Adds new data to the database, which could lead to data integrity issues if not properly validated.

safe

read_table

Reads data from a specified table in the TiDB database.

Read-only operation, no data modification.

Safety Assessment

This server allows both read and write operations on a TiDB database, making it moderately risky. It is safe when used with strong environment variable management and appropriate database user permissions. It becomes risky if environment variables are exposed or the database user has excessive privileges.

Authentication via environment variables limits exposure of credentials in code.
Access control is managed by TiDB's built-in RBAC.
Can be configured to operate in a read-only mode by restricting the username permissions.
Utilizes a dedicated database user, limiting the blast radius of potential compromises.

Environment variable storage of credentials can be risky if not properly managed.
Write operations are supported, potentially leading to data modification or deletion.
No explicit input sanitization is mentioned, increasing the risk of SQL injection.
Internet connectivity is required to access the TiDB cluster.