databricks-mcp-server
Databricks MCP Server is a Model Context Protocol (MCP) server that exposes tools for browsing Databricks workspace objects (catalogs, schemas, tables, SQL warehouses) and for executing SQL statements against a Databricks SQL warehouse, returning results to the MCP client.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The interface is local stdio-based MCP, which limits exposure of transport details in the README. Auth is described only at a high level (Databricks unified auth), with no evidence of least-privilege enforcement, token handling details, or safe SQL constraints at the tool layer. `execute_sql` accepts arbitrary SQL statements, so correctness and safety depend heavily on the Databricks permissions of the configured credentials and any guardrails in the MCP server implementation (not shown here).
⚡ Reliability
Best When
You have an MCP-capable agent/client and need structured, tool-based access to Databricks for discovery and query execution with constrained parameters (timeout and row limit).
Avoid When
You cannot control or verify the Databricks credentials/permissions used by the MCP server, or you need clearly documented safety, idempotency, and retry semantics.
Use Cases
- • Let an AI agent explore a Databricks metastore (catalog/schema/table discovery)
- • Enable an AI agent to run read-only or bounded SQL queries for analysis
- • Support interactive data exploration workflows from an MCP-capable client
- • Retrieve available Databricks SQL warehouses for downstream query execution
Not For
- • Performing unbounded or high-risk SQL operations without guardrails (e.g., large scans, DDL/DML)
- • Environments that require strict guarantees about SQL safety or enforcement of read-only permissions at the tool layer (not evidenced here)
- • Use as a substitute for reviewing Databricks permissions and security settings for the underlying credentials
Interface
Authentication
The README states it uses Databricks unified authentication, but does not describe the concrete mechanism (e.g., PAT vs OAuth) or how credentials are supplied to the MCP server. Auth complexity and scope granularity therefore cannot be verified from the provided content.
Pricing
No pricing information is provided in the README excerpt; this appears to be an open-source tool distributed via releases.
Agent Metadata
Known Gotchas
- ⚠ `execute_sql` can run arbitrary SQL statements; agent callers should restrict statements/roles and apply conservative `row_limit`/`timeout_seconds` to reduce risk and cost.
- ⚠ Listing tools return arrays but no explicit pagination strategy is documented; large catalogs/schemas may require additional filtering patterns or operational constraints.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for databricks-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.