mcp-stata
mcp-stata is a Model Context Protocol (MCP) server that connects AI agents to a locally installed Stata (17+) installation. It runs Stata commands, can load/inspect datasets and variables, executes .do files, exports graphs, and retrieves stored r()/e() results. It also exposes an additional localhost-only HTTP API for a data-browser UI with bearer-token access.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
MCP uses stdio (reducing network attack surface). The localhost HTTP UI is loopback-only with bearer tokens obtained per session/channel. However, MCP tools allow execution of arbitrary Stata commands/do-files, which is inherently high-risk if inputs/prompts are untrusted (command injection / data exfiltration via file/command effects is possible depending on Stata capabilities). No explicit scope granularity for MCP is described (effectively full access within the running process/session). Dependency hygiene is uncertain from the provided manifest (presence of pinned/compatible deps like httpx pin is noted, but no CVE status is provided).
⚡ Reliability
Best When
You have a licensed local Stata installation and want IDE/agent integration through MCP (stdio transport) plus optional localhost UI browsing.
Avoid When
You need strict governance around what code can be executed, or you cannot isolate the process/session from untrusted prompts.
Use Cases
- • Letting an LLM agent execute and iterate on Stata analysis interactively
- • Automating inspection of datasets (describe/codebook/variable lists) from an AI workflow
- • Exporting Stata graphs on-demand during agent conversations
- • Validating model results by reading stored r()/e() results
- • Providing a UI data browser (paging/filtering/sorting) via a local HTTP endpoint for IDE extensions
Not For
- • Running untrusted Stata code from untrusted sources without user controls
- • Multi-tenant remote access or use where network exposure beyond localhost is required
- • Use cases needing a publicly accessible API with robust third-party auth/authorization and rate-limit enforcement details
Interface
Authentication
The MCP interface is via stdio from the client/IDE. The separate local HTTP UI requires short-lived bearer tokens obtained through the MCP tool get_ui_channel(). No OAuth flows are described.
Pricing
No pricing information is provided in the supplied content; this appears to be a self-hosted/local integration (plus your Stata license).
Agent Metadata
Known Gotchas
- ⚠ Commands can mutate/alter the Stata session state; treat session as stateful and avoid re-running without understanding side effects
- ⚠ The server can reload startup do-files on certain clear commands unless MCP_STATA_NO_RELOAD_ON_CLEAR=1 is set
- ⚠ Large outputs are written to a temp log and emitted to the client via log tailing; agents should use read_log/find_in_log for context rather than expecting outputs inline
- ⚠ Cancellation is best-effort and depends on Stata surfacing BreakError; partial output may remain in the log
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-stata.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.