How do I install Safedb?

Safedb is a local plugin. Install it using npm package: @safedb/safedb-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Safedb safe to use?

Safedb scored 5.2/10 (moderate risk) in MCP Marketplace's automated security scan. It has 4 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Safedb need?

Safedb requires the following credentials or environment variables: YOUR_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Safedb?

Safedb uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Safedb MCP Server

by Narekmalk

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

A secure MCP server that lets AI agents query databases safely.

About

A secure MCP server that lets AI agents query databases safely.

Security Report

5.2

Moderate5.2Moderate Risk

SafeDB MCP is a well-designed security-focused database access layer with proper read-only enforcement, AST-backed SQL validation, and comprehensive access controls. The codebase demonstrates strong security fundamentals with proper authentication via environment variables, minimal dangerous patterns, and permissions appropriately scoped to its purpose. Minor code quality observations exist but do not materially impact security. Supply chain analysis found 6 known vulnerabilities in dependencies (1 critical, 3 high severity). Package verification found 1 issue.

7 files analyzed · 11 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

What You'll Need

Set these up before or after installing:

Your API key for the serviceRequired

Environment variable: YOUR_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-narekmalk-safedb-mcp": {
      "env": {
        "YOUR_API_KEY": "your-your-api-key-here"
      },
      "args": [
        "-y",
        "@safedb/safedb-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

SafeDB MCP

SafeDB MCP is a secure Model Context Protocol server that lets AI agents inspect and query Postgres, MySQL, MariaDB, and SQLite with strict read-only guardrails. It is designed for teams that want useful database access without handing an agent unrestricted production credentials.

Direct database credentials are dangerous for agents because a single bad prompt, tool call, or generated SQL statement can mutate data, exfiltrate sensitive columns, or run expensive queries. SafeDB MCP puts a policy layer between the agent and your database: only configured schemas and tables are visible, SQL is parsed and validated before execution, row counts are capped, results are masked, and every query attempt is audited.

This project is an MVP. It prefers false positives and blocked queries over unsafe access, and it does not claim perfect SQL security.

Features

MCP tools: list_schemas, list_tables, describe_table, run_readonly_query, explain_query, get_safedb_policy
Postgres support through pg
MySQL and MariaDB support through mysql2
SQLite file support through sql.js
YAML or JSON config with environment expansion
AST-backed read-only SQL guardrails for SELECT, WITH ... SELECT, UNION, and EXPLAIN SELECT
Table detection through joins, CTEs, nested subqueries, aliases, and unions
Column projection checks that block masked fields selected through aliases or expressions
Configurable table allowlists, denylists, row limits, and statement timeout
PII masking: redact, email, partial, and deterministic hash
JSONL audit log with no raw result data
CLI binary: safedb-mcp
TypeScript, Vitest, ESLint, Prettier

Quickstart

npx @safedb/safedb-mcp init --output safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp validate-config --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp test-connection --config safedb.yaml
DATABASE_URL=postgres://readonly:password@localhost:5432/app npx @safedb/safedb-mcp --config safedb.yaml

Use a dedicated database role with read-only permissions. SafeDB MCP is a defense-in-depth layer, not a replacement for least-privilege database credentials.

Docker

A Docker image packages SafeDB MCP with Node.js and its production dependencies so it can run the same way on any host with Docker.

Build the image locally:

docker build -t safedb-mcp .

Run the MCP server with a mounted config file:

docker run --rm -i \
  -e DATABASE_URL=postgres://readonly:password@host.docker.internal:5432/app \
  -v "$PWD/safedb.yaml:/config/safedb.yaml:ro" \
  safedb-mcp

Pass CLI commands after the image name:

docker run --rm \
  -e DATABASE_URL=postgres://readonly:password@host.docker.internal:5432/app \
  -v "$PWD/safedb.yaml:/config/safedb.yaml:ro" \
  safedb-mcp --config /config/safedb.yaml validate-config

Example Config

database:
  type: postgres
  url: ${DATABASE_URL}

safety:
  default_limit: 100
  max_limit: 1000
  statement_timeout_ms: 5000
  allow_explain: true

access:
  schemas:
    public:
      allow_tables:
        - users
        - orders
        - products
      deny_tables:
        - secrets
      column_masks:
        users.email: email
        users.phone: partial
        users.password_hash: redact
        users.ssn: redact

audit:
  path: safedb-audit.jsonl

For MySQL or MariaDB, set database.type and use the database name as the access schema:

database:
  type: mysql
  url: ${DATABASE_URL}

access:
  schemas:
    app:
      allow_tables:
        - users
        - orders
      deny_tables:
        - secrets

For SQLite, set database.type to sqlite, point database.path at the .db file, and use main as the access schema:

database:
  type: sqlite
  path: ./app.db

access:
  schemas:
    main:
      allow_tables:
        - users
        - orders
      deny_tables:
        - secrets

MCP Client Config

Claude Desktop:

{
  "mcpServers": {
    "safedb": {
      "command": "safedb-mcp",
      "args": ["--config", "/absolute/path/to/safedb.yaml"],
      "env": {
        "DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
      }
    }
  }
}

Cursor or Hermes-style MCP config:

{
  "servers": {
    "safedb": {
      "command": "safedb-mcp",
      "args": ["--config", "/absolute/path/to/safedb.yaml"],
      "env": {
        "DATABASE_URL": "postgres://readonly:password@localhost:5432/app"
      }
    }
  }
}

Security Guarantees

SafeDB MCP aims to guarantee that:

Only configured schemas and tables are inspectable or queryable through the MCP tools.
SQL is parsed before execution, and mutating statement types or multiple statements are blocked.
Table access policy is checked against real tables found through joins, CTEs, nested subqueries, aliases, and unions.
Masked columns cannot be selected through aliases or expressions that would bypass response masking.
Query execution happens inside a read-only transaction with a local statement timeout where the driver supports it.
Returned rows are capped by an outer LIMIT.
Configured PII fields are masked before tool responses are returned.
Audit logs record attempts, decisions, detected tables, row counts, and duration without logging raw result rows.
Passwords and secrets are not intentionally logged.

Non-Goals

Formal proof of query safety.
Support for every valid dialect-specific read-only SQL construct.
Write operations, migrations, stored procedure execution, or COPY.

Development

npm install
npm run build
npm test
npm run lint

Roadmap

Per-tool and per-table rate limits.
Optional OpenTelemetry traces.
Signed audit logs.
Published Docker image and Helm chart.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Safedb MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

What You'll Need

How to Install

Documentation

SafeDB MCP

Features

Quickstart

Docker

Example Config

MCP Client Config

Security Guarantees

Non-Goals

Development

Roadmap

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript