sql-explorer-mcp
Provides read-only introspection and querying of SQLite databases, including listing tables, describing schemas, sampling data, and executing SELECT queries with multi-layer safety enforcement.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@sql-explorer-mcpdescribe the orders table"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
sql-explorer-mcp
Read-only Model Context Protocol server for SQL databases. Lets LLMs (Claude, Cursor, ChatGPT, Continue) introspect and query SQL Server, Postgres, and SQLite with three layers of safety:
Connection-level read-only —
pyodbc readonly=True, PostgresSET TRANSACTION READ ONLYAST validation — sqlglot parses every query and rejects anything that isn't a
SELECT(catches DML smuggled in CTEs)Linter pass — sql-sop checks every query and rejects error-severity findings; warnings are surfaced to the LLM as advisory output
Multi-server: configure several databases in one servers.yaml, the LLM picks which one to target per call.
Tools exposed to the LLM
Tool | Purpose |
| Enumerate configured servers + their dialect |
| List databases on a server |
| List tables, optionally filtered by schema |
| Columns, types, nullability, defaults |
| Quick |
| Execute arbitrary SELECT — three-layer safety stack |
| Return execution plan (engine-specific) |
| Find tables and columns by name fragment |
All tools accept an optional server to target a specific entry from servers.yaml. Default server is used when omitted.
Related MCP server: PostgreSQL MCP Server
Install
pip install sql-explorer-mcp
# or
pipx install sql-explorer-mcpFor SQL Server, install Microsoft ODBC Driver 18. Postgres and SQLite drivers ship as dependencies.
Configure
Copy servers.example.yaml to servers.yaml and edit. Passwords are read from environment variables, never stored in the file.
default_server: lab
servers:
lab:
dialect: mssql
host: localhost
port: 1433
database: BusinessLab
auth: sql
username: sa
password_env: SQL_EXPLORER_LAB_PASSWORD
production:
dialect: mssql
host: BUSINESS-SQL
database: SI
auth: windows # uses Trusted_Connection
max_rows: 500
warehouse:
dialect: postgres
host: db.internal
database: warehouse
username: readonly
password_env: WAREHOUSE_PG_PASSWORDThe config file is searched in this order:
$SQL_EXPLORER_CONFIGif set./servers.yaml(current directory)~/.sql-explorer-mcp/servers.yaml
Run
As an MCP server for Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (Mac) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"sql-explorer": {
"command": "sql-explorer-mcp",
"env": {
"SQL_EXPLORER_CONFIG": "/full/path/to/servers.yaml",
"SQL_EXPLORER_LAB_PASSWORD": "your-lab-password"
}
}
}
}Restart Claude Desktop. The seven tools appear under Settings → Tools.
As an MCP server for Cursor
Add to .cursor/mcp.json:
{
"mcpServers": {
"sql-explorer": {
"command": "sql-explorer-mcp",
"env": { "SQL_EXPLORER_CONFIG": "/full/path/to/servers.yaml" }
}
}
}Standalone (debug)
sql-explorer-mcpReads stdin/stdout in MCP protocol. Use the MCP Inspector to test interactively:
npx @modelcontextprotocol/inspector sql-explorer-mcpSafety architecture
LLM submits SQL
│
▼
┌──────────────────┐
│ Layer 2 (sqlglot)│ Parse, reject if not exactly one SELECT
└────────┬─────────┘ Catches: INSERT, UPDATE, DELETE, MERGE, EXEC,
│ CREATE, DROP, ALTER, smuggled DML in CTEs,
│ multiple statements
▼
┌──────────────────┐
│ Layer 3 (sql-sop)│ Lint, reject if any error-severity findings
└────────┬─────────┘ Warnings (W*) returned as advisory output,
│ don't block execution.
▼
┌──────────────────┐
│ Layer 1 (driver) │ pyodbc readonly=True / Postgres SET TXN READ ONLY
└────────┬─────────┘ Final defence at the protocol layer.
▼
Database
│
▼
Result rows (capped at server.max_rows)Failure at any layer returns a structured result the LLM can read and react to:
{
"passed": false,
"layer": "select-only",
"reason": "Forbidden statement type in query: Delete"
}Why this design
Read-only by enforcement, not convention. A misconfigured login isn't your only protection.
Multi-engine from day 1. Same tool surface across SQL Server, Postgres, SQLite. Same
servers.yaml.Multi-server in one process. Switch between lab and production by passing
server="production"instead of restarting.Linter-aware. Uses sql-sop to flag patterns that compile fine but signal poor query habits (SELECT *, unbounded queries, etc.).
Result caps. Every tool clamps row counts (max 1000 default) so a curious LLM can't pull 100k rows into context.
Comparison to other SQL MCP servers
Server | Dialects | Read-only | Linter pass | Multi-server |
sql-explorer-mcp | mssql, postgres, sqlite | ✓ (3 layers) | ✓ via sql-sop | ✓ |
various community mssql-mcp | mssql | depends | ✗ | usually ✗ |
various postgres-mcp | postgres | depends | ✗ | usually ✗ |
Development
git clone https://github.com/Pawansingh3889/sql-explorer-mcp
cd sql-explorer-mcp
pip install -e ".[dev]"
pytest -vLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Pawansingh3889/sql-explorer-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server