MCP SQL Server

mcp-postgres
.claude
skills
mcp-development

REVIEW.md•2.08 KiB

# MCP Code Review Checklist ## Security (CRITICAL) - [ ] **SQL Injection**: All queries use parameters? Never string concatenation? - [ ] **Input Validation**: All inputs validated with Zod? - [ ] **Secrets**: Credentials in env vars? Nothing hardcoded? - [ ] **Privilege**: Destructive operations blocked or protected? - [ ] **Output Sanitization**: Sensitive data filtered? ```typescript // BAD - SQL Injection const query = `SELECT * FROM users WHERE name = '${name}'`; // GOOD - Parameterized request.input("name", sql.VarChar, name); const query = "SELECT * FROM users WHERE name = @name"; ``` ## MCP Structure - [ ] **McpServer**: Configured with name and version? - [ ] **Transport**: Using StdioServerTransport? - [ ] **Error Handling**: server.connect() has .catch()? - [ ] **Registration Order**: Tools registered before connect()? ## Tool Design - [ ] **Single Responsibility**: Each tool does one thing? - [ ] **Naming**: Names are descriptive? (sql_select not query) - [ ] **Description**: Clear for LLM to understand when to use? - [ ] **Schema**: Each parameter has .describe()? - [ ] **Return Format**: Returns content[] and structuredContent? ## Error Handling - [ ] **Try/Catch**: Async operations wrapped? - [ ] **Messages**: Errors informative but don't expose internals? - [ ] **isError Flag**: Errors return `{ isError: true }`? ## Performance - [ ] **Connection Pool**: Using pool, not individual connections? - [ ] **Limits**: Queries have LIMIT? maxRows implemented? - [ ] **Timeouts**: Operations have timeout? ## TypeScript - [ ] **Strict Mode**: `"strict": true` in tsconfig? - [ ] **No Any**: Avoids `any`? Explicit types? - [ ] **Null Checks**: Optional chaining used? ## Logging - [ ] **console.error**: Logs use stderr (not stdout)? - [ ] **No Sensitive Data**: Logs don't expose passwords/tokens? ## Review Format ```markdown ### [SEVERITY] Short Description **File**: path/to/file.ts:line **Problem**: What's wrong **Impact**: Consequence **Fix**: How to correct \`\`\`typescript // Current ... // Suggested ... \`\`\` ``` Severities: CRITICAL, HIGH, MEDIUM, LOW, INFO

Loading blob content...

Latest Blog Posts

MCP isn't dead–it's maturing
By punkpeye on January 20, 2026.
mcp
Google's AI Overview Has Been Sending Me the Wrong Customers for 6 Months
By punkpeye on January 20, 2026.
google
ai
startups
Expose Your Local MCP Server to the Internet
By punkpeye on January 19, 2026.
MCP Inspector
mcp
tutorial

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/fabriciofs/mcp-postgres'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

REVIEW.md•2.08 KiB