mcp-sqlite-server
MCP server (Go) that exposes SQLite database operations as Model Context Protocol tools. It restricts database access to user-specified allowed directories, supports switching between databases, and provides CRUD/query/table/index/maintenance actions (including transactions).
Score Breakdown
🔒 Security
Security is claimed via directory allowlisting and path validation to mitigate directory traversal; database file validation limits which SQLite files are accessible. However, no authentication/authorization controls are documented, so exposure risk depends on how the MCP server is launched and who can invoke it. Destructive operations are available (drop/delete), so least-privilege directory selection and backups are important. TLS and authentication for remote clients are not discussed (likely a local process/desktop integration).
Best When
Used in a local or controlled environment (e.g., Claude Desktop MCP) where the operator provides a tight directory allowlist and understands the risk of executing SQL generated by an agent.
Avoid When
Avoid when the model/agent will act on sensitive data without strong operational safeguards (least-privilege directory allowlist, backups, monitoring), or when network exposure to untrusted parties is possible.
Use Cases
- Agent-driven SQL querying and data retrieval from local SQLite files
- Automated data manipulation (INSERT/UPDATE/DELETE) with transactional workflows
- Schema management tasks (create/describe/drop tables, create/drop indexes)
- Database inspection/optimization (stats, analyze query plans, vacuum)
- Secure directory-scoped access for LLM tools to local datasets
Not For
- Exposing a multi-tenant service to untrusted users over the network (no mention of auth between remote clients)
- Handling high-concurrency production workloads without additional controls
- Tasks requiring external database engines or distributed transactions beyond local SQLite
- Cases where deletion operations (delete_database) should never be allowed
Interface
Authentication
No user authentication/authorization mechanism is described in the README; security is positioned around directory restriction at server startup.
Pricing
No pricing info (open-source repo, inferred from the MIT license in the README).
Agent Metadata
Known Gotchas
- ⚠ SQL tool calling can be destructive (execute/transaction/delete_table/delete_database/drop_index). Use allowlists and operational guardrails.
- ⚠ Transaction tool only supports INSERT/UPDATE/DELETE (no SELECT) per README—agents may incorrectly expect SELECT support.
- ⚠ No explicit idempotency guarantees are described; repeated calls may re-apply mutations unless the agent controls them.
- ⚠ Query analysis/vacuum/table/index operations may be expensive; agents should be cautious with unbounded queries.
Scores are editorial opinions as of 2026-04-04.