{"id":"liliang-cn-mcp-sqlite-server","name":"mcp-sqlite-server","homepage":null,"repo_url":"https://github.com/liliang-cn/mcp-sqlite-server","category":"databases","subcategories":[],"tags":["mcp","sqlite","database","sql","local-dev","tooling","go"],"what_it_does":"MCP server (Go) that exposes SQLite database operations as Model Context Protocol tools. It restricts database access to user-specified allowed directories, supports switching between databases, and provides CRUD/query/table/index/maintenance actions (including transactions).","use_cases":["Agent-driven SQL querying and data retrieval from local SQLite files","Automated data manipulation (INSERT/UPDATE/DELETE) with transactional workflows","Schema management tasks (create/describe/drop tables, create/drop indexes)","Database inspection/optimization (stats, analyze query plans, vacuum)","Secure directory-scoped access for LLM tools to local datasets"],"not_for":["Exposing a multi-tenant service to untrusted users over the network (no mention of auth between remote clients)","Handling high-concurrency production workloads without additional controls","Tasks requiring external database engines or distributed transactions beyond local SQLite","Cases where deletion operations (delete_database) should never be allowed"],"best_when":"Used in a local or controlled environment (e.g., Claude Desktop MCP) where the operator provides a tight directory allowlist and understands the risk of executing SQL generated by an agent.","avoid_when":"Avoid when the model/agent will act on sensitive data without strong operational safeguards (least-privilege directory allowlist, backups, monitoring), or when network exposure to untrusted parties is possible.","alternatives":["Other MCP SQLite tools (if available)","Direct SQLite access via a vetted SQL sandbox/tooling layer","Use a hosted database API with explicit auth and auditing","LangChain/other agent frameworks with a SQL toolkit plus query validation/sandboxing"],"af_score":54.5,"security_score":39.8,"reliability_score":20.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:21:45.633759+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["None described (local MCP server process with directory allowlist configured at startup)"],"oauth":false,"scopes":false,"notes":"No user authentication/authorization mechanism is described in the README; security is positioned around directory restriction at server startup."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing info (open-source repo inferred by MIT license in README)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":54.5,"security_score":39.8,"reliability_score":20.0,"mcp_server_quality":70.0,"documentation_accuracy":60.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":95.0,"rate_limit_clarity":0.0,"tls_enforcement":10.0,"auth_strength":20.0,"scope_granularity":70.0,"dependency_hygiene":45.0,"secret_handling":60.0,"security_notes":"Security is claimed via directory allowlisting and path validation to mitigate directory traversal; database file validation limits accessible SQLite files. However, no authentication/authorization controls are documented, so exposure risk depends on how the MCP server is launched and who can invoke it. Destructive operations are available (drop/delete), so least-privilege directory selection and backups are important. TLS/auth between remote clients are not discussed (likely a local process/desktop integration).","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["SQL tool calling can be destructive (execute/transaction/delete_table/delete_database/drop_index). Use allowlists and operational guardrails.","Transaction tool only supports INSERT/UPDATE/DELETE (no SELECT) per README—agents may incorrectly expect SELECT support.","No explicit idempotency guarantees are described; repeated calls may re-apply mutations unless the agent controls them.","Query analysis/vacuum/table/index operations may be expensive; agents should be cautious with unbounded queries."]}}