Postgres MCP Pro Plus

execute_sql

Execute SQL queries to manage PostgreSQL databases, enabling schema operations, query optimization, performance monitoring, and health analysis.

Instructions

Execute any SQL query

Input Schema

TableJSON Schema

Name	Required	Description	Default
`sql`	No	SQL to run	all

Implementation Reference

src/postgres_mcp_pro_plus/server.py:546-559 (handler)

The core handler function for the execute_sql tool. It takes a SQL string, executes it via sql_driver.execute_query, formats the results, and handles errors.

async def execute_sql(
    sql: str = Field(description="SQL to run", default="all"),
) -> ResponseType:
    """Executes a SQL query against the database."""
    try:
        sql_driver = await get_sql_driver()
        rows = await sql_driver.execute_query(sql)  # type: ignore
        if rows is None:
            return format_text_response("No results")
        results = [r.cells for r in rows]
        return format_text_response(format_query_results_as_text(results))
    except Exception as e:
        logger.error(f"Error executing query: {e}")
        return format_error_response(str(e))

src/postgres_mcp_pro_plus/server.py:784-787 (registration)
Registers the execute_sql tool with the MCP server, using different descriptions based on the access mode (unrestricted or restricted/read-only).
```
if current_access_mode == AccessMode.UNRESTRICTED:
    mcp.add_tool(execute_sql, description="Execute any SQL query")
else:
    mcp.add_tool(execute_sql, description="Execute a read-only SQL query")
```
src/postgres_mcp_pro_plus/server.py:547-547 (schema)
Pydantic Field definition for the sql input parameter, defining the input schema for the tool.
```
sql: str = Field(description="SQL to run", default="all"),
```

Tool Definition Quality

C2.5/5.0

Behavior1/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It only states 'Execute any SQL query', which fails to disclose critical traits such as whether this is a read-only or write operation, potential side effects (e.g., data modification), authentication needs, rate limits, or error handling. This is inadequate for a tool that could perform destructive actions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise with a single sentence ('Execute any SQL query'), which is front-loaded and wastes no words. It efficiently conveys the core action, though this brevity contributes to gaps in other dimensions. Every word earns its place, making it structurally optimal.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of SQL execution (potential for data mutation, security implications) and the lack of annotations and output schema, the description is incomplete. It doesn't address behavioral risks, return values, or usage context, leaving significant gaps for an agent to safely invoke this tool. More detail is needed to compensate for the missing structured data.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with the 'sql' parameter documented as 'SQL to run'. The description adds no additional meaning beyond this, such as syntax examples, supported SQL dialects, or constraints. Since the schema provides full coverage, the baseline score of 3 is appropriate, as the description doesn't compensate but also doesn't detract.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool's purpose ('Execute any SQL query'), which is clear but vague. It specifies the verb ('Execute') and resource ('SQL query'), but doesn't differentiate from siblings like 'explain_query' or 'get_top_queries', which also involve SQL operations. The purpose is understandable but lacks specificity about scope or type of execution.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. With siblings like 'explain_query' (for analysis) and 'get_top_queries' (for monitoring), the description doesn't indicate that this tool is for direct execution, nor does it mention prerequisites, exclusions, or typical use cases. This leaves the agent without context for tool selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cloudthinker-ai/postgres-mcp-pro-plus'

If you have feedback or need assistance with the MCP directory API, please join our Discord server