metabase-mcp
metabase-mcp is an MCP (Model Context Protocol) server that exposes Metabase functionality to MCP clients/AI assistants. It provides tools for listing databases/tables/fields, executing SQL (with parameter support/templating) and MongoDB-style native queries (with JSON conversion for aggregation pipelines), and managing Metabase cards (questions) and collections.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses environment variables/.env and supports Metabase API keys or session-based auth to Metabase. The README does not describe TLS requirements for the MCP transport (SSE/HTTP) nor any built-in auth/authz for protecting MCP tool invocation. Operations include executing arbitrary SQL and creating/updating Metabase cards/collections, so least-privilege and strict network controls are important.
⚡ Reliability
Best When
You want an agent-to-database bridge where an MCP client can discover Metabase metadata and execute parameterized queries/cards in a controlled deployment where you manage Metabase credentials and network access.
Avoid When
You cannot restrict who can call MCP tools (e.g., open HTTP transport without strong network controls), or you need documented idempotency/retry semantics for every operation.
Use Cases
- • Let an MCP-capable AI assistant explore Metabase schema (databases, tables, fields) conversationally
- • Have an AI assistant generate and execute SQL against Metabase-connected databases
- • Automate creation and management of Metabase cards (saved questions) and organizing them via collections
- • Run native MongoDB queries (as supported by Metabase) through MCP for analytics workflows
- • Use the server with Claude Desktop / Cursor via MCP transports (STDIO, SSE, HTTP)
Not For
- • Providing a turnkey, managed analytics platform (this is a local bridge to your existing Metabase)
- • Environments that require strong, documented guarantees around query safety/approval workflows
- • Teams needing a fully specified public REST/GraphQL API surface for third-party integrations (it is primarily MCP)
Interface
Authentication
Authentication is between the MCP server and Metabase; the MCP server itself is launched locally and can expose SSE/HTTP transports, but the README does not describe any additional auth/authz layer protecting MCP tool calls.
Pricing
Open-source MIT package; any cost is from running the server and your Metabase infrastructure.
Agent Metadata
Known Gotchas
- ⚠ Be careful when using HTTP/SSE transports—README does not document authentication for the MCP transport itself, so network exposure could allow unintended tool execution.
- ⚠ Some tools perform state changes (creating cards/collections); without explicit idempotency/approval flows, agents may create duplicates on retries.
- ⚠ Query execution tools can be sensitive to SQL dialect/parameter/templating expectations of the connected Metabase databases.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for metabase-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.